Final Interview Prep

This document discusses various cybersecurity topics including how to analyze spoofed emails, credential harvesting, malware persistence, differences between SSL and TLS, the .pcap file extension, the MITRE ATT&CK framework, threat hunting, differences between IPS and firewalls, indicators of compromise (IOC), tactics, techniques, and procedures (TTP), lateral movement, command and control, the Open Web Application Security Project (OWASP), and the top 10 OWASP vulnerabilities.

Uploaded by sandeep singh

Intro

How to know that an email is spoofed, and how to analyse it

• Email body: sender address, subject line, attachments, and the content of the message (URLs, urgency, requests for credentials or other information).

• Email header, Authentication-Results (SPF, DKIM and DMARC):
SPF (Sender Policy Framework): the receiving server checks whether the IP that delivered the message is authorised in the SPF DNS record of the envelope-sender (Return-Path) domain. It does not check that the user exists in the enterprise.
DKIM (DomainKeys Identified Mail): the sending server signs selected headers and the body; the receiver verifies the signature against the public key published in DNS for the signing domain, which proves the message was sent with that domain's key and was not altered in transit.
DMARC (Domain-based Message Authentication, Reporting and Conformance): passes only if SPF or DKIM passes and the authenticated domain aligns with the visible From domain; the domain's DMARC record tells the receiver what to do on failure (none, quarantine or reject) and where to send reports.

• Other header fields: sender IP, From address, Return-Path (envelope sender), Reply-To, and the SCL (Spam Confidence Level) and BCL (Bulk Complaint Level) ratings stamped by Exchange Online. A Return-Path or Reply-To domain that does not match the From domain is a classic spoofing sign.

1. What is credential harvesting?

Credential harvesting (phishing for credentials) tricks users into entering their credentials into a fraudulent site that imitates a legitimate login page, so that the attacker captures the login information. The user is usually sent there by a link in a phishing email that points to a lookalike domain; less commonly the attacker poisons DNS so that the legitimate hostname itself resolves to the attacker's IP and serves the fake page. After the credentials are entered, the user is often redirected to the legitimate webpage so that nothing looks wrong.
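Added example, not from the original notes: a Python triage script that applies the header and body checks above to a constructed message. The sample mail, its IP and domains, the PROTECTED_DOMAINS set, the urgency cues and the SCL threshold are all assumptions made for this example. It parses Authentication-Results, compares the From, Return-Path and Reply-To domains, reads the Exchange SCL stamp, and flags links whose domain merely looks like the organisation's own (the credential-harvesting pattern).

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: the organisation's own domain(s), the urgency cues
# worth flagging, and the Exchange Online SCL threshold (5-6 = spam, 7-9 = high confidence).
PROTECTED_DOMAINS = {"corp.example"}
URGENCY_CUES = ("urgent", "immediately", "expires", "verify now", "suspended", "within 24 hours")
SCL_SPAM_THRESHOLD = 5

# Constructed sample message (not a real capture). Header names mirror what Exchange
# Online and a typical MTA stamp on inbound mail; the IP and domains are placeholders.
RAW_MESSAGE = b"""\
Authentication-Results: mx.corp.example; spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=bulk-mailer.example; dkim=none; dmarc=fail action=quarantine header.from=corp.example
X-MS-Exchange-Organization-SCL: 6
Return-Path: <billing@bulk-mailer.example>
From: IT Helpdesk <helpdesk@corp.example>
Reply-To: <recover-account@corp-example-login.com>
To: <alice@corp.example>
Subject: URGENT: your password expires in 1 hour
Content-Type: text/plain; charset="utf-8"

Your mailbox password expires today. Verify now: http://corp-example-login.com/owa/auth
"""


def _domain(header_value) -> str:
    """Domain part of the first address in a header (empty string if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _lookalike(host: str, protected: str) -> bool:
    """Crude lookalike test: not the protected domain or a subdomain of it, but it
    reuses the protected domain's first label (corp-example-login.com vs corp.example)."""
    if host == protected or host.endswith("." + protected):
        return False
    return protected.split(".")[0] in host.replace("-", "")


def analyze_message(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw)
    auth_hdr = msg.get("Authentication-Results", "")
    auth = {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_hdr, re.I)}
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    hosts = [(urlparse(u).hostname or "").lower() for u in urls]
    lookalikes = sorted({h for h in hosts for p in PROTECTED_DOMAINS if _lookalike(h, p)})
    from_dom, rp_dom, reply_dom = (_domain(msg.get(h)) for h in ("From", "Return-Path", "Reply-To"))
    scl = int(msg.get("X-MS-Exchange-Organization-SCL", "-1"))

    findings = []
    for mech in ("spf", "dkim", "dmarc"):
        if mech in auth and auth[mech] != "pass":
            findings.append(f"{mech}={auth[mech]}")
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if scl >= SCL_SPAM_THRESHOLD:
        findings.append(f"SCL {scl}")
    if lookalikes:
        findings.append("lookalike domain(s) in links: " + ", ".join(lookalikes))
    cues = [c for c in URGENCY_CUES if c in text]
    if cues:
        findings.append("urgency cues: " + ", ".join(cues))
    return {
        "auth": auth, "scl": scl, "from_domain": from_dom, "return_path_domain": rp_dom,
        "reply_to_domain": reply_dom, "urls": urls, "lookalike_domains": lookalikes,
        "findings": findings,
        # Assumption: two or more independent signals is the bar for escalating to a phishing case.
        "verdict": "suspicious" if len(findings) >= 2 else "no strong indicators",
    }


if __name__ == "__main__":
    for line in analyze_message(RAW_MESSAGE)["findings"]:
        print("-", line)
```

The lookalike test is deliberately crude (it would also match "corporate.com"); in production compare against a list of registered lookalikes or use an edit-distance check against the protected domains.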

2. What does persistence mean in malware?

Once malware gains access to a system, it usually wants to survive reboots, logoffs and process termination. This behaviour is known as persistence; common mechanisms are registry Run/RunOnce keys, scheduled tasks, services, startup folders and WMI event subscriptions. If the persistence mechanism is unique enough, it can even serve as a good way to fingerprint a given piece of malware.
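An added example (not part of the original notes) of triaging one persistence mechanism, the Run/RunOnce registry keys, from a .reg export. The export text, the user-writable directory list, the impersonated system binary names and the script-host list are constructed assumptions for this example; real exports from reg.exe are UTF-16 with a BOM, so decode them before passing the text in.

```python
import re
from pathlib import PureWindowsPath

RUN_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")   # matched as key-path suffixes
# Assumptions: directories a non-admin user can write to, system binaries that malware
# likes to impersonate, and script/LOLBin hosts that rarely belong in a Run key.
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\local\\temp\\", "\\programdata\\", "\\temp\\", "\\downloads\\")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed .reg export (sample data): one benign entry, two suspicious ones, one legitimate HKLM entry.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\Public\\svchost.exe -k netsvcs"
"SecurityHealth"="powershell.exe -NoP -W Hidden -Enc SQBFAFgA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
'''


def parse_reg(text: str):
    """Yield (key, value_name, value) for string values in a .reg export; un-escapes \\ and \"."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"') and "=" in line:
            name, _, raw = line.partition("=")
            if raw.startswith('"'):                      # REG_SZ; hex:/dword: values are left untouched
                raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            yield key, name.strip('"'), raw


def split_command(value: str):
    """Separate the executable from its arguments, handling the quoted-path form."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end], value[end + 1:].strip()
    exe, _, args = value.partition(" ")
    return exe, args


def triage_run_keys(reg_text: str):
    """Return the Run/RunOnce entries that match at least one suspicious pattern, with reasons."""
    findings = []
    for key, name, value in parse_reg(reg_text):
        if not key.endswith(RUN_KEYS):
            continue
        exe, args = split_command(value)
        exe_l, base = exe.lower(), PureWindowsPath(exe).name.lower()
        reasons = []
        if any(d in exe_l for d in USER_WRITABLE):
            reasons.append("binary in user-writable directory")
        if base in SYSTEM_BINARIES and not exe_l.startswith(SYSTEM_DIRS):
            reasons.append(f"{base} outside Windows directories")
        if base in SCRIPT_HOSTS:
            reasons.append("script/LOLBin host at startup")
        if re.search(r"-(enc|encodedcommand|w\s+hidden|windowstyle\s+hidden)\b", args, re.I):
            reasons.append("encoded or hidden PowerShell")
        if reasons:
            findings.append({"key": key, "name": name, "exe": exe, "args": args, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG):
        print(f["key"], f["name"], f["exe"], "->", "; ".join(f["reasons"]))
```

The value name "SecurityHealth" in HKCU copies the legitimate HKLM entry's name, which is exactly the kind of distinctive choice that fingerprints a family once seen in a few samples.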

3. Which is best, SSL or TLS?

TLS and SSL are both protocols that authenticate the server (optionally the client too) and encrypt data in transit. They are closely related: TLS is the newer, more secure successor of SSL, and the name "SSL" today is usually just a leftover label for TLS.

• Secure Sockets Layer (SSL): introduced by Netscape in 1995 (SSL 2.0, followed by SSL 3.0 in 1996) to secure traffic between a web server and a browser. Both versions have known weaknesses (for example POODLE against SSL 3.0) and are prohibited by RFC 6176 and RFC 7568.
• Transport Layer Security (TLS): the IETF standard that replaced SSL: TLS 1.0 (RFC 2246, 1999), TLS 1.1 (RFC 4346, 2006), TLS 1.2 (RFC 5246, 2008) and TLS 1.3 (RFC 8446, 2018). TLS 1.0 and 1.1 are deprecated by RFC 8996.
• For security reasons we enable only TLS 1.2 and 1.3 and disable SSL 2.0/3.0 and TLS 1.0/1.1 on both servers and clients.
4. Extension of pcap?

.pcap is the packet capture file format written by libpcap-based tools such as tcpdump and read by Wireshark and tshark. A .pcap file starts with a global header (magic number, version, snaplen, link type) followed by each captured packet with its timestamp and length, so it holds the raw packet data of a network capture and is used to analyse the traffic (conversations, protocols, indicators). Wireshark now writes the newer .pcapng format by default, which also stores interface and comment metadata.
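Added example (not from the original notes) that ties the two previous questions together: a minimal reader for the classic .pcap layout described above, and a parser that pulls the SNI and the offered TLS versions out of each ClientHello it finds. The capture is constructed in the block itself (one Ethernet/IPv4/TCP frame carrying a ClientHello for a placeholder host), so it runs offline; the addresses and ports are assumptions. The point worth seeing is that in TLS 1.3 the version a client offers lives in the supported_versions extension, while the record and legacy_version fields stay at 0x0301/0x0303 for compatibility, so a "TLS 1.0 record version" in a capture is not by itself a downgrade.

```python
import struct

# ---- constructed sample data (not a real capture) ----------------------------

def build_client_hello(sni: str, versions, cipher_suites=(0x1301, 0xC02F)) -> bytes:
    """Build a minimal ClientHello record carrying SNI and supported_versions extensions."""
    entry = struct.pack("!BH", 0, len(sni)) + sni.encode()                 # host_name entry
    ext_sni = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry    # type 0, ext len, list len
    vers = b"".join(struct.pack("!H", v) for v in versions)
    ext_sv = struct.pack("!HHB", 43, len(vers) + 1, len(vers)) + vers       # type 43, ext len, list len
    exts = ext_sni + ext_sv
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00"              # legacy_version, random, no session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"          # suites, one (null) compression method
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body            # type=client_hello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake   # record: handshake, version 1.0


def build_frame(payload: bytes, src="10.0.0.5", dst="198.51.100.20", sport=51000, dport=443) -> bytes:
    """Ethernet/IPv4/TCP frame around the payload; checksums are left zero (not validated here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + tcp


def build_pcap(frames, linktype=1) -> bytes:
    """Serialise (timestamp, frame) pairs into the classic little-endian libpcap format."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)]
    for ts, frame in frames:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


SAMPLE_PCAP = build_pcap([(1700000000, build_frame(build_client_hello("example.com", [0x0304, 0x0303])))])

# ---- parsing --------------------------------------------------------------------

def read_pcap(blob: bytes):
    """Yield (ts_sec, frame) from a classic pcap, honouring the byte order the magic number encodes."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None:
        raise ValueError("not a classic pcap (pcapng and nanosecond-resolution pcap are not handled here)")
    off = 24                                           # global header: magic, version, tz, sigfigs, snaplen, linktype
    while off + 16 <= len(blob):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        yield ts_sec, blob[off:off + incl_len]
        off += incl_len


def parse_tcp(frame: bytes):
    """Return (src_ip, dst_ip, dport, tcp_payload) for an Ethernet/IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":                    # EtherType IPv4
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                                     # IP protocol 6 = TCP
        return None
    tcp = ip[ihl:total]
    dport = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4
    src, dst = (".".join(str(x) for x in ip[i:i + 4]) for i in (12, 16))
    return src, dst, dport, tcp[data_off:]


def parse_client_hello(data: bytes):
    """Record version, legacy_version, SNI and supported_versions from a ClientHello (or None)."""
    if len(data) < 11 or data[0] != 0x16 or data[5] != 0x01:
        return None
    info = {"record_version": struct.unpack("!H", data[1:3])[0],
            "legacy_version": struct.unpack("!H", data[9:11])[0],
            "sni": None, "supported_versions": []}
    p = 9 + 2 + 32                                     # skip legacy_version and random
    p += 1 + data[p]                                   # session_id
    p += 2 + struct.unpack("!H", data[p:p + 2])[0]     # cipher_suites
    p += 1 + data[p]                                   # compression_methods
    end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", data[p:p + 4])
        body, p = data[p + 4:p + 4 + elen], p + 4 + elen
        if etype == 0:                                 # server_name: list_len(2) type(1) name_len(2) name
            info["sni"] = body[5:5 + struct.unpack("!H", body[3:5])[0]].decode()
        elif etype == 43:                              # supported_versions: len(1) then 2-byte versions
            info["supported_versions"] = [struct.unpack("!H", body[1 + i:3 + i])[0] for i in range(0, body[0], 2)]
    return info


def tls_client_hellos(blob: bytes):
    """All ClientHellos in the capture, flagging any that offer a version below TLS 1.2."""
    results = []
    for ts, frame in read_pcap(blob):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, dport, payload = parsed
        hello = parse_client_hello(payload)
        if hello:
            offered = hello["supported_versions"] or [hello["legacy_version"]]
            hello.update(ts=ts, src=src, dst=dst, dport=dport, offers_legacy=any(v < 0x0303 for v in offered))
            results.append(hello)
    return results


if __name__ == "__main__":
    for h in tls_client_hellos(SAMPLE_PCAP):
        print(h["src"], "->", h["dst"], h["sni"], [hex(v) for v in h["supported_versions"]], h["offers_legacy"])
```

To run it on a real file, replace SAMPLE_PCAP with `open("capture.pcap", "rb").read()`; the reader deliberately rejects pcapng, which Wireshark writes by default, so export as classic pcap or use tshark for that format.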
5. What is the MITRE ATT&CK framework?

MITRE ATT&CK® stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge. It is a curated knowledge base and model of cyber adversary behaviour, reflecting the phases of an adversary's attack lifecycle and the platforms they are known to target. Tactics are the adversary's goals, techniques and sub-techniques (for example T1547.001, Registry Run Keys / Startup Folder) are how those goals are achieved, and each technique lists known procedures, detections and mitigations.

The ATT&CK Enterprise matrix (which covers Windows, Linux, macOS, cloud and network platforms) consists of 14 tactics: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration and Impact. Reconnaissance and Resource Development were added in October 2020; older material lists 12.

6. What is threat hunting?

Threat hunting is a proactive, defensive (blue-team) activity, not an offensive one: instead of waiting for alerts, hunters assume a breach has happened and search logs, endpoint telemetry and network data for threats or weaknesses that could let attackers into a network or system. A hunt starts from a hypothesis (for example, "an attacker is using DNS for command and control") and looks for evidence that automated detections missed; confirmed findings are turned into new detections. Without skilled analysts trained to identify breaches and vulnerabilities, malware or ransomware can easily overwhelm a network while data theft cripples a business.

7. Differences between IPS and firewalls

An IPS (intrusion prevention system) inspects the content of a request and can drop, alert on, or in some cases clean a malicious network request based on that content. What counts as malicious is determined either by signatures or by behaviour/anomaly analysis. An IPS sits inline and blocks; an IDS only alerts.

A traditional firewall blocks or allows traffic based on network information such as IP address, network port and protocol; a stateful firewall also makes decisions based on the state of the connection (for example, allowing only replies to sessions opened from inside). Next-generation firewalls combine such rules with IPS-style content inspection.

8. What are IOC, IOA and TTP?

Indicators of compromise (IOCs) are forensic artefacts that identify an attacker's footprints and give evidence of a breach: file hashes, IP addresses, domains, registry keys, file names and similar clues. Indicators of attack (IOAs) describe attacker behaviour while an attack is in progress (for example Word spawning PowerShell, or a process reading LSASS memory), regardless of which hash or IP is involved. Tactics, techniques and procedures (TTPs) describe why (tactic), how (technique) and exactly how (procedure) an adversary operates. Adopting a detection strategy based on TTPs returns power to the defender, because an attacker can change hashes and IPs cheaply but changes behaviour only at real cost. In every case the work is to collect the data, analyse it and determine whether it indicates an attack.

Common IOCs to check:

• Unusual network traffic: irregular volume, timing or destinations
• Anomalies in privileged user account activity: a user with limited rights suddenly using other privileges
• Geographical irregularities in network traffic or logins: access from a country the user does not work from
• Account logins from unknown or newly created accounts
• Increase in database read/write operations
• Large volume of requests for the same file or the same object in a directory
• Mismatched port and protocol traffic, including encrypted traffic on plain-text ports
• Suspicious file changes: changes on the file system, registry key changes
• Unusual DNS requests (long or random-looking names, many unique subdomains, TXT lookups)
• Unexpected patches or system changes
• Antivirus/EDR stops working or is disabled
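Added example, not part of the original notes: the IOC checklist above turned into hunting logic and run over a constructed, already-normalised event list (a few logons, one privileged operation, a stopped Defender service, a burst of DNS lookups, one flow and one database query). The known users, admins, per-user baseline countries, EDR service names and thresholds are assumptions for this example, and the event schema is this example's own rather than any SIEM's. The ATT&CK IDs are the techniques each finding most commonly maps to.

```python
from collections import Counter, defaultdict

# Assumptions for this example: known accounts and admins, each user's baseline login
# countries, the EDR/AV service names, and the thresholds used by the checks.
KNOWN_USERS = {"alice", "bob", "svc_backup"}
ADMINS = {"bob"}
BASELINE_COUNTRY = {"alice": {"DE"}, "bob": {"DE", "NL"}, "svc_backup": {"DE"}}
EDR_SERVICES = {"WinDefend", "Sense", "MsMpSvc"}
PORT_PROTOCOL = {443: "tls", 80: "http", 53: "dns"}
DNS_LABEL_MAX, DNS_UNIQUE_SUBDOMAINS, DB_READ_ROWS_MAX = 40, 20, 100_000
ATTACK = {"unknown-account-logon": "T1078 Valid Accounts / T1136 Create Account",
          "geo-anomaly": "T1078 Valid Accounts",
          "privilege-anomaly": "T1098 Account Manipulation",
          "av-stopped": "T1562.001 Impair Defenses: Disable or Modify Tools",
          "unusual-dns": "T1071.004 Application Layer Protocol: DNS",
          "dns-subdomain-burst": "T1071.004 DNS / T1572 Protocol Tunneling",
          "port-protocol-mismatch": "T1571 Non-Standard Port",
          "db-read-spike": "T1213 Data from Information Repositories"}

# Constructed, normalised events (not real logs); field names are this example's own schema.
EVENTS = [
    {"type": "logon", "user": "alice", "src_country": "DE"},
    {"type": "logon", "user": "alice", "src_country": "BR"},
    {"type": "logon", "user": "backup2", "src_country": "DE"},
    {"type": "priv_op", "user": "alice", "action": "Add-ADGroupMember 'Domain Admins'"},
    {"type": "service", "host": "ws42", "name": "WinDefend", "state": "stopped"},
    {"type": "dns", "host": "ws42", "qname": "dGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIGNodW5rIG9mIGRhdGE.t.example", "qtype": "TXT"},
    {"type": "flow", "src": "10.0.0.42", "dst": "198.51.100.9", "dport": 80, "app": "tls"},
    {"type": "db_query", "user": "svc_backup", "op": "read", "table": "customers", "rows": 250_000},
] + [{"type": "dns", "host": "ws42", "qname": f"{i:08x}.c2.example", "qtype": "A"} for i in range(25)]


def hunt(events):
    """Apply the IOC checks to normalised events; returns (finding_kind, detail) pairs."""
    findings, subdomains, db_reads = [], defaultdict(set), Counter()
    for e in events:
        kind = e["type"]
        if kind == "logon":
            if e["user"] not in KNOWN_USERS:
                findings.append(("unknown-account-logon", e))
            elif e["src_country"] not in BASELINE_COUNTRY.get(e["user"], set()):
                findings.append(("geo-anomaly", e))
        elif kind == "priv_op" and e["user"] not in ADMINS:
            findings.append(("privilege-anomaly", e))
        elif kind == "service" and e["name"] in EDR_SERVICES and e["state"] == "stopped":
            findings.append(("av-stopped", e))
        elif kind == "dns":
            labels = e["qname"].split(".")
            subdomains[".".join(labels[-2:])].add(e["qname"])      # group by zone for the burst check
            if len(labels[0]) > DNS_LABEL_MAX or e.get("qtype") == "TXT":
                findings.append(("unusual-dns", e))
        elif kind == "flow":
            expected = PORT_PROTOCOL.get(e["dport"])
            if expected and e["app"] != expected:
                findings.append(("port-protocol-mismatch", e))
        elif kind == "db_query" and e["op"] == "read":
            db_reads[e["user"]] += e["rows"]
    for zone, names in subdomains.items():                           # many unique names under one zone
        if len(names) >= DNS_UNIQUE_SUBDOMAINS:
            findings.append(("dns-subdomain-burst", {"zone": zone, "unique": len(names)}))
    for user, rows in db_reads.items():
        if rows > DB_READ_ROWS_MAX:
            findings.append(("db-read-spike", {"user": user, "rows": rows}))
    return findings


if __name__ == "__main__":
    for kind, detail in hunt(EVENTS):
        print(f"{kind:24} {ATTACK[kind]:55} {detail}")
```

Each check is a hypothesis from the list above expressed as code; in a real hunt the baselines come from a month of history rather than a hard-coded dict, and a hit is a lead to investigate, not a verdict.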

Lateral Movement

Lateral movement refers to the techniques an attacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets, typically with stolen credentials over RDP, SMB (PsExec-style service creation), WinRM or WMI. With a protracted dwell time, data theft might not occur until weeks or even months after the original breach.

Command and Control

Command and control (C2) is the channel through which malware receives instructions and sends data back to the attacker. To detect it, look for connections to specific domains or IPs that are marked as IOCs or known-bad domains; look for beaconing (connections at regular intervals to the same destination); and, when the malware uses a domain generation algorithm, reverse-engineer the DGA and automatically generate a blocklist of the domains it will produce.

TTP examples:

• Privilege escalation: a process running with low privileges obtains higher (administrator or SYSTEM) privileges.
• Pass-the-hash attacks: malware dumps cached authentication credentials (NTLM hashes) and reuses them to authenticate to other hosts without ever knowing the password.
• Domain generation algorithms (DGA): the malware dynamically generates domain names for C2 from a seed and the current date, so that blocking a single domain does not cut it off.
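Added example (not from the original notes) for the C2 and DGA points above: a hypothetical DGA standing in for one recovered by reverse engineering, used to pre-compute a week's blocklist, plus an entropy/vowel heuristic for DGA families that have not been reversed yet. The algorithm, the seed, the thresholds and the query log are all constructed for this example; a real DGA has to be lifted from the sample itself.

```python
import hashlib
import math
from collections import Counter
from datetime import date, timedelta

TLDS = ("com", "net", "info")


def toy_dga(day: date, seed: int, count: int = 10):
    """Hypothetical DGA standing in for one recovered by reverse engineering a sample:
    each domain is a pure function of (seed, date, index), which is exactly what lets a
    defender who has the seed pre-compute the domains the malware will try."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).digest()
        length = 10 + digest[0] % 8
        label = "".join(chr(97 + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return out


def blocklist(seed: int, start: date, days: int):
    """Union of the domains generated for each day in [start, start + days)."""
    return {d for k in range(days) for d in toy_dga(start + timedelta(days=k), seed)}


def entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_generated(domain: str) -> bool:
    """Heuristic for DGAs not yet reversed: a long, high-entropy, vowel-poor second-level label.
    The thresholds are assumptions for this example, not tuned values."""
    labels = domain.lower().split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    vowels = sum(label.count(v) for v in "aeiou")
    return len(label) >= 10 and entropy(label) >= 3.2 and vowels / len(label) < 0.3


def classify(qnames, known_dga):
    """Split queried names into pre-computed-blocklist hits and heuristic suspects."""
    hits = {"blocklist": [], "heuristic": []}
    for q in qnames:
        if q in known_dga:
            hits["blocklist"].append(q)
        elif looks_generated(q):
            hits["heuristic"].append(q)
    return hits


SEED = 0x5EED                                     # assumed: extracted from the sample's configuration
KNOWN = blocklist(SEED, date(2024, 3, 1), 7)      # one week of pre-computed C2 domains
# Constructed DNS query log: one of "today's" DGA domains, an unrelated random-looking name, benign names.
QUERIES = [toy_dga(date(2024, 3, 4), SEED)[3], "qzxvkjwprtmnbgh.com", "microsoftonline.com", "login.live.com"]

if __name__ == "__main__":
    print(classify(QUERIES, KNOWN))
```

Pushing the blocklist to the resolver or proxy each day blocks the C2 before the malware even tries it; the heuristic is noisier (CDN hostnames trip it) and is better used to prioritise hunting than to block outright.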

https://azeria-labs.com/persistence/

IOA (indicator of attack): see question 8; it is the behavioural counterpart of an IOC, describing what the attacker is doing rather than what they left behind.

Other terms:

APT (advanced persistent threat): from cyber criminals who seek personal financial information and intellectual property to state-sponsored attacks designed to steal data and compromise infrastructure, today's advanced persistent threats can sidestep security controls, stay inside a network for a long time and cause serious damage to an organisation.

API: Application Programming Interface. An API is a software intermediary that allows two applications to talk to each other; it is the messenger that delivers your request to the provider you are requesting it from and then delivers the response back to you.

Registry: the Windows registry is a hierarchical database that contains data critical to the operation of Windows and of the applications and services that run on it. The data is structured as a tree; each node in the tree is called a key, and each key can contain both subkeys and data entries called values. The Run/RunOnce keys are a common malware persistence location.

What is OWASP?

OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools and technologies in the field of web application security.

The OWASP Top 10 for 2021 is:

• A01 Broken Access Control
• A02 Cryptographic Failures (formerly Sensitive Data Exposure)
• A03 Injection (now also includes Cross-Site Scripting)
• A04 Insecure Design
• A05 Security Misconfiguration (now includes XML External Entities)
• A06 Vulnerable and Outdated Components (formerly Using Components with Known Vulnerabilities)
• A07 Identification and Authentication Failures (formerly Broken Authentication)
• A08 Software and Data Integrity Failures (now includes Insecure Deserialization)
• A09 Security Logging and Monitoring Failures
• A10 Server-Side Request Forgery (SSRF)

The 2017 edition, still often quoted in interviews, listed: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring.

https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2021/
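Added example, not part of the original notes: the Top 10 category interviewers most often ask to see in code, A03:2021 Injection, as a vulnerable login query beside its parameterised fix, run against an in-memory SQLite table. The table rows, the placeholder "hashes" and the attacker inputs are constructed for this example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows; the hashes are placeholders, not real digests."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b"), ("admin", "hash-admin")])
    return conn


def login_vulnerable(conn, username: str, password_hash: str):
    """A03:2021 Injection: user input is concatenated into the SQL text, so quote characters
    and comment markers in the input change the structure of the query the database runs."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username: str, password_hash: str):
    """The fix: placeholders keep the input as data; it never reaches the SQL parser as code."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


# Constructed attacker inputs. "--" starts a comment in SQLite, MySQL and PostgreSQL,
# so everything after it, including the password check, is discarded.
BYPASS_AS_ADMIN = "admin' --"
DUMP_EVERYONE = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, admin bypass :", login_vulnerable(db, BYPASS_AS_ADMIN, "wrong"))
    print("vulnerable, dump everyone:", login_vulnerable(db, DUMP_EVERYONE, "wrong"))
    print("parameterized, same input:", login_parameterized(db, BYPASS_AS_ADMIN, "wrong"))
```

The same input that logs the attacker in as admin against the string-built query matches nothing once it is passed as a bound parameter; ORMs and query builders apply the same principle, which is why string formatting of SQL is the thing to grep for in a code review.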
