1) What transport layer and application layer protocols are commonly associated with the following ports (i.e. TCP and RTSP): 21, 22, 23, 80, 443, 53, 1389, 1433, 3389
2) Name 3 methods that malware may use to persist within the Windows Operating system and 3 methods within Linux-based operating systems:
3) What type of encoding is used in the sample below? What is the key? What are the contents of the encoded data?
|
4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 50 45 C3 C3 8F C2 C0 C3 C4 B2 47 8D C3 C3 C3 C3 C3 C3 C3 C3 23 C3 C1 C2 C8 C2 CB C3 C3 A5 C3 C3 C3 D5 C3 C3 C3 C3 C3 C3 FD 46 C3 C3 C3 E3 C3 C3 C3 63 C3 C3 C3 C3 83 C3 C3 E3 C3 C3 C3 C1 C3 C3 90 A6 B1 B5 A6 B1 FE B4 B4 B4 ED A1 A2 A7 B0 B7 B6 A5 A5 ED B1 B6 C3 C3 C3 C3 C3 C1 C3 83 46 C3 C3 D3 C3 C3 D3 C3 C3 C3 C3 D3 C3 C3 D3 C3 C3 C3 C3 C3 C3 D3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 2F 47 C3 C3 8C C3 C3 C3 C3 63 C3 C3 B3 D1 C3 C3 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
4) Explain SQL Injection in your own words, and how developers can mitigate SQL injection vulnerabilities:
5) Describe a situation where you wrote an application or script to solve a problem:
6) Describe a method for identifying attacker activity using Netflow. What common fields exist in netflow records and how would you use them?
7) Explain in detail what happens when you type www.google.com into a web browser and hit enter:
8) What mechanisms exist to extract usernames and passwords from a Windows system?
9) What is the difference between a DLL and an EXE executable?
10) What data is contained within the Import Address Table of a Windows Portable Executable?
11) What can you determine about the capabilities of an executable based on information in the IAT?
12) What is a packer? Provide examples of common packers:
13) What is the purpose of the SysWOW64 directory in 64-bit Windows Operating Systems?
14) Describe DLL load order hijacking:
15) What is an ADS (Alternate Data Stream)?
16) What is a rootkit? What methods exist for identifying rootkits?
17) What is shellcode? How is shellcode typically executed?
18) Given the DLL functions listed below, what capabilities might this sample have?
19) What is a webshell?
20) What are common methods used by attackers to implant a webshell on a system?
21) What applications do exploit kits such as Angler and Neutrino commonly target? Why?
22) What is the difference between Symmetric and Asymmetric encryption?
23) What forensic or malware analysis tools have you used in the past? Which tools are you most comfortable with?