guide-ceh

Published on June 2016

Concise Courses provides ISC2 CISSP, CompTIA Security+, EC-Council CEH and Mile2 CPTE Training. For fees and more information please visit:
concise-courses.com/options/ec-council/ceh/ Watch our “Hacker Hotshots!” Web Show. Watch the world’s best security professionals present live.
We interview speakers from Black Hat, DefCon, Hacker Halted, ShmooCon, ToorCon etc. See who is presenting this week! concise-courses.com/upcoming
Concise-Courses.com
Information Security Training
Table of Contents
Is it for me?
1.0 Why study EC Council’s CEHv8?
2.0 How to break into the Information Security Field

Course structure and useful information
3.0 CEHv8 Syllabus
4.0 Exam Structure - how is it graded?
5.0 Prerequisites - before studying CEHv8
6.0 150 Information Security Acronyms
7.0 50 FireFox Pentesting addons

Career advice
8.0 Salaries and Opportunities
9.0 EC Council InfoSec Pathway
10.0 InfoSec Interview questions
11.0 Thirteen Interview No-No’s!
Thank you for having downloaded our Certified Ethical Hacker (CEHv8) Information Pack.
We hope you find it useful.
The demand for qualified information security experts continues to grow!
Employment within the information security space is projected to grow 22 percent from 2010 to 2020,
faster than the average for all occupations, according to Eric Presley, CTO at CareerBuilder.
The demand for security pros is booming: InformationWeek 2013 Salary Survey reports that 63% of IT
security staffers are ‘satisfied’ or ‘very satisfied’ with all aspects of their security jobs; a figure which is
very much higher than any other profession.
Hacker Hotshots!
Join us for our weekly Hacker Hotshots Webshows!
concise-courses.com/upcoming

We interview the world’s best security experts. Most of our
speakers have spoken at Black Hat, Defcon, Hacker Halted,
Toorcon etc. Subjects include Cyber Warfare, Social Engineering,
SQL Injection, XSS Exploits, Mobile Hacking and more!
Weekly 15 mins shows! Join Us!
To see the various CEHv8 study options & fees please visit:
http://www.concise-courses.com/options/ec-council/ceh/
1.0 Why study EC Council’s CEHv8?
The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a
vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application
knowledge of security officers, auditors, security professionals, site administrators, and anyone who is
concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled
professional who understands and knows how to look for the weaknesses and vulnerabilities in target
systems. CEH Professionals use the same knowledge and tools as malicious hackers.

The purpose of the CEH credential is to:

a) Establish and govern minimum standards for credentialing professional information security
specialists in ethical hacking measures.

b) Inform the public that credentialed individuals meet or exceed the minimum standards

c) Reinforce ethical hacking as a unique and self-regulating profession.

Once certified, you will join the growing ranks of InfoSec professionals including members of the US
Army, FBI, Microsoft, IBM, and United Nations. Many of these certifications are recognized worldwide and
have received endorsements from various government agencies including the US Federal Government via
the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems
(CNSS). Moreover, the United States Department of Defense has included the CEH program in its
Directive 8570, making it one of the mandatory standards to be achieved by Computer Network
Defenders Service Providers (CND-SP).
2.0 How to break into Information Security Field?
The typical Information Security Analyst will have, along with a certification like the
CompTIA Security+ designation or Certified Ethical Hacker, three to five years of experience, a Bachelor's
or Master's degree, industry certifications, and will be earning a median salary of $86,000. That all sounds
great - but for someone just starting out the prospect can seem daunting.
The truth is that breaking into the InfoSec field, like any industry, takes time, training, perhaps a bit of
luck but more importantly: determination. The best tip we can give is this: never give up! OK, but more
specifically, here are our tips to help you break into the industry.
We have compiled 12 tips to break into the field:
1. Get involved in your community!
You must (obviously) have an interest in security. Getting involved with Hacker Groups or Linux User
Clubs in your local town or city is a great idea. Meetup.com is a great resource. We counted 250 Hacker
Groups with 45,000 members. Not only will it be fun to meet like-minded people, but joining the group
will enable networking and at the very least your new friends will offer you free advice to help you crack
into the industry. Volunteer to present a tutorial at your club or research a topic of interest. Often the
hacker club will enter Capture The Flag competitions, again another great way to network. Win the
competition and your CV will shine.
2. Learn to code!
Become a code monkey! There is no question that you can get through life without ever learning a line of
code; however, in this industry, it is vital that you understand (some) code. Try different languages, or
different application domains, but find a way to make programming stick in your head. The C
Programming Language has the most cachet in application security, but Java or Python or Ruby will do
just fine.
3. Become even more curious!
The first and most important characteristic you need to succeed in information security is curiosity.
Period. Continue to immerse yourself in legacy technology but also in new technology and software - try
to understand where computing, and aspects therein, are headed.
4. Get in the trenches and fight!
The best information security professionals are those that have been “In The Trenches”, working as a
help desk technician, systems administrator, or network engineer. Working in these positions will gain
you an understanding of how things work, which lays the foundation to learn how to break them and
make them do things they were not intended to do.
5. Get certified!
A subject close to our heart! As mentioned above, many information security specialists started off as
help desk technicians or systems administrators and then migrated into security. Often a network or a
support technician will have to wear a “Security Hat” – especially when working for an SME. You can
follow that traditional pathway or skip the initial steps and jump straight into getting an InfoSec cert.
CompTIA Security+ and/or Certified Ethical Hacker is a good starting point and will greatly increase your
chance of landing a job. Sure, a degree in Computer Sciences is a plus but we favor the more “practical”
vendor-free certifications like those just mentioned. If you have an interest in InfoSec why not test your
knowledge with our virtual test center (please see section 5.0) and see how you perform with a practice
multiple choice CompTIA Security+/CEH or CISSP test exam. When you signed up for this PDF you
received a login. Please see section 5.0 for more information.
6. Seek and achieve real work experience.
In our opinion, a lack of a master’s degree will not make entering the Information Security Field more
difficult; however, being able to demonstrate a track record of proven achievement, not just academic
study, is golden. In terms of getting work experience and if you have the patience, we would recommend
interning. Opportunities are endless in the computer security field – research your security niche, find the
companies and contact them for work experience.
7. Read and watch Information Security blogs, podcasts and Web Shows.
An obvious tip, but reading in-depth blogs and listening to podcasts/webcasts presented by experts is free
and an excellent way to learn. Keeping up with all this can be a full-time job in and of itself. Our suggestion
is to use an RSS news reader and subscribe to as many technology and security related resources as
possible. Here are some that we recommend: Liquid Matrix, Packetstorm, Rootsecure, Secguru, Astalavista,
Dark Reading, and Internet Storm Center. Although not strictly related to Information Security, we also
recommend the Linux Action Show which is a live web show organized by Jupiter Broadcasting.
8. Set up a home network, lab or vulnerable box.
This stems from being curious. You should already be familiar with the fundamentals of computing but if
you haven’t done so already, set up a home network or better still, a lab. Setting up a lab is not a (majorly)
difficult task. VMware makes free versions of their software, and there are thousands of pre-configured
virtual hosts available on their web site. Try not to focus on just setting up security tools; instead try to
set up a file server using Samba (or better Samba 4.0 which just came out!) and lock it down. This exercise
can provide valuable experience and again, discussing your knowledge and love for geekery will impress
employers.
9. Go to conferences.
Defcon is one of the largest conferences on the West Coast, and Shmoocon is a popular conference
on the East Coast. This is another great place to network and there are several smaller conferences all
across the country. Examples include, Hacktivity, ToorCon, HackFest, Hacker Halted, Secure World Expo,
SecureWorld Conference, Black Hat and THOTCON. Tip! Watch our Hacker Hotshots Web Show!
10. Learn to love and use Backtrack, Blackbuntu or Backbox.
Backtrack is the most widely used PenTest distro, and it also functions as an excellent live CD
distribution. The latest Backtrack distro includes some of the following tools – learn how to use them!
(Remember – look at Tip 1 – it would be great if you learn how to effectively use one or more of these
tools and present it at your local hacking group).
Here are some of the tools included with Backtrack which you should learn now.
Identify Live Hosts
dnmap - Distributed NMap
address6 (The Second Alive6 entry)
IPV6 address conversion
Information Gathering Analysis
Jigsaw – Grabs information about company employees
Uberharvest – E-mail harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
Web Crawlers
Apache_users – Apache username enumerator
Deblaze – Performs enumeration & interrogation against Flash remote end points
Database Analysis
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
Bluetooth Analysis
Blueranger – Uses link quality to locate Bluetooth devices
Exploitation Tools
Netgear-telnetable – Enables Telnet console on Netgear devices
Termineter – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – GUI for testing Wireless encryption strength
Wifi-honey – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor
Password Tools
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendrescher
Rainbowcrack
11. Participate in open source projects.
There are many ways that you can help in projects. Participating shows genuine enthusiasm and obviously
will make you familiar with your chosen field of Information Security technology whilst being able to
network with like-minded professionals.
12. Social Networks
Not only are social networks fun to hack and see how a hacker can use social engineering, but they are
one of the best ways to network in the field. Twitter has become a great tool for this, and even has the
“Security Twits” group consisting of security people using Twitter. Facebook and LinkedIn can also be
valuable networking tools to help you meet people and find a job.
3.0 CEHv8 Syllabus

Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: System Hacking
Module 06: Trojans and Backdoors
Module 07: Viruses and Worms
Module 08: Sniffers
Module 09: Social Engineering
Module 10: Denial of Service
Module 11: Session Hijacking
Module 12: Hacking Webservers
Module 13: Hacking Web Applications
Module 14: SQL Injection
Module 15: Hacking Wireless Networks
Module 16: Evading IDS, Firewalls, and Honeypots
Module 17: Buffer Overflow
Module 18: Cryptography
Module 19: Penetration Testing
4.0 Exam Structure - how is it graded?

Candidates will be granted the Certified Ethical Hacker v8 credential by passing a proctored
CEH exam with a minimum cut score of 70%. The exam lasts 4 hours and has 125 multiple
choice questions.

Candidates will be tested in the following task and knowledge domains of ethical hacking:

Tasks:
1. System Development & Management
2. System Analysis & Audits
3. Security Testing/Vulnerabilities
4. Reporting
5. Mitigation
6. Ethics

Knowledge:
1. Background
2. Analysis/Assessment
3. Security
4. Tools/Systems/Programs
5. Procedures/Methodology
6. Regulation/Policy
7. Ethics
5.0 Prerequisites - before studying CEHv8

It’s really like this: preparation and prior knowledge will put you in a much better place than
simply ‘just turning up’ and hoping that you magically absorb all the information, learn it, and
pass!
The first thing to mention is this: EC Council, the folks behind CEH, will not allow you to take the
exam if you have zero work experience within information security – that applies for CEHv8 as it
did for CEHv7.
You must give evidence that you have worked within the infosec space, or that you have a prior
certification, or that you have relevant work experience, such as networking or as a systems
administrator. EC-Council considers each case on its own merits, so if you do fit into any of the
above categories, then contact them!
The preferred ‘minimum’ experience is 12 months, but again, this is discretionary.

What is vital, however, is that you have a strong knowledge of TCP/IP.
Another recommendation we would give is that you familiarize yourself with Linux, and a Linux
Penetration Testing Distribution. Kali Linux, BackBox and Bugtraq are all examples of popular
distributions. Here is our top ten list of Linux Pentesting Distros:
>> http://www.concise-courses.com/security/top-ten-distros/
If you prefer to use Windows then at the very least you can install a Virtual Machine (with a
Linux Distro).
Understanding how to use the preferred penetration testing tools will prepare you for the
course and will certainly make your life easier! There are certain tools that you will have to use in
order to pass the course: these include, for example, Metasploit, Reaver, Nmap etc.
We have more information on our blog which you are encouraged to read!
>> http://www.concise-courses.com/security
Upon successful attainment of a minimum score you will be issued your CEHv8 credential and will receive
your CEHv8 welcome kit within 4 – 8 weeks.

The CEH credential is valid for 3 year periods but can be renewed each period by successfully earning
EC-Council Continued Education (ECE) credits.
6.0 Acronyms
3DES: Triple Digital Encryption Standard
AAA: Authentication, Authorization, and Accounting
ACL: Access control list
AES: Advanced Encryption Standard
AES256: Advanced Encryption Standard 256 bit
AH: Authentication Header
ALE: Annual or annualized loss expectancy
AP: Access Point
ARO: Annualized rate of occurrence
ARP: Address Resolution Protocol
AUP: Acceptable use policy
BCP: Business Continuity Planning
BIOS: Basic input/output system
CA: Certificate authority
CAC: Common Access Card
CAN: Controller Area Network
CCMP: Counter-Mode/CBC-Mac Protocol
CCTV: Closed-circuit television
CERT: Computer Emergency Response Team
CHAP: Challenge Handshake Authentication Protocol
CIRT: Computer Incident Response Team
CRC: Cyclical Redundancy Check
CRL: Certification Revocation List
DAC: Discretionary Access Control
DDoS: Distributed denial of service
DEP: Data Execution Prevention
DES: Digital Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DLL: Dynamic Link Library
DLP: Data Loss Prevention
DMZ: Demilitarized zone
DNS: Domain Name Service (Server)
DoS: Denial of service
DRP: Disaster Recovery Plan
DSA: Digital Signature Algorithm
EAP: Extensible Authentication Protocol
ECC: Elliptic Curve Cryptography
EFS: Encrypted File System
EMI: Electromagnetic Interference
ESP: Encapsulated Security Payload
FTP: File Transfer Protocol
GPU: Graphic Processing Unit
GRE: Generic Routing Encapsulation
HDD: Hard Disk Drive
HIDS: Host Based Intrusion Detection System
HIPS: Host Based Intrusion Prevention System
HMAC: Hashed Message Authentication Code
HSM: Hardware Security Module
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol (Hypertext Transfer
HVAC: Heating Ventilation Air Conditioning
IaaS: Infrastructure as a Service
ICMP: Internet Control Message Protocol
ID: Identification, or Intrusion Detection
IKE: Internet Key Exchange
IM: Instant messaging
IMAP4: Internet Message Access Protocol v4
IP: Internet Protocol
IPSec: Internet Protocol Security
IRC: Internet Relay Chat
ISP: Internet service provider
IV: Initialization Vector
KDC: Key Distribution Center
L2TP: Layer 2 Tunneling Protocol
LANMAN: Local Area Network Manager
LDAP: Lightweight Directory Access Protocol
LEAP: Lightweight Extensible Authentication Protocol
MAC: Mandatory Access Control
MAN: Metropolitan area network
MBR: Master Boot Record
MD5: Message Digest 5
MSCHAP: Microsoft Challenge Handshake Authentication Protocol
MTU: Maximum Transmission Unit
NAC: Network access control
NAT: Network Address Translation
NIDS: Network Based Intrusion Detection System
NIPS: Network Based Intrusion Prevention System
NIST: National Institute of Standards & Technology
NOS: Network operating system
NTFS: New Technology File System
NTLM: New Technology LANMAN or New
NTP: Network Time Protocol
OS: Operating system
OVAL: Open Vulnerability and Assessment Language
PAP: Password Authentication Protocol
PAT: Port Address Translation
PBX: Private Branch Exchange
PEAP: Protected Extensible Authentication Protocol
PED: Personal Electronic Device
PGP: Pretty Good Privacy
PII: Personally Identifiable Information
PKI: Public Key Infrastructure
POTS: Plain Old Telephone Service
PPP: Point-to-point Protocol
PPTP: Point to Point Tunneling Protocol
PSK: Pre-Shared Key
PTZ: Pan-Tilt-Zoom
RA: Recovery Agent
RAD: Rapid Application Development
RADIUS: Remote Authentication Dial-In User Service
RAID: Redundant Array of Inexpensive Disks
RAS: Remote Access Server
RBAC: Role-Based Access Control
RSA: Rivest, Shamir, and Adleman
RTO: Recovery Time Objective
RTP: Real-Time Transport Protocol
S/MIME: Secure Multipurpose Internet Mail Extensions
SaaS: Software as a Service
SCAP: Security Content Automation Protocol
SCSI: Small Computer System Interface
SDLC: Software Development Life Cycle
SDLM: Software Development Life Cycle Methodology
SHA: Secure Hashing Algorithm or Secure
SHTTP: Secure Hypertext Transfer Protocol
SIM: Subscriber Identity Module
SLA: Service-level agreement
SLE: Single loss expectancy
SNMP: Simple Network Management Protocol
SONET: Synchronous Optical Network Technologies
SPIM: Spam over Internet Messaging
SSH: Secure Shell
SSL: Secure Sockets Layer
SSO: Single sign-on
STP: Shielded Twisted Pair
TACACS: Terminal Access Controller Access Control
TCP/IP: Transmission Control Protocol/Internet Protocol
TKIP: Temporal Key Integrity Protocol
TLS: Transport Layer Security
TPM: Trusted Platform Module
UAT: User Acceptance Testing
UPS: Uninterruptible power supply
URL: Universal Resource Locator or Uniform
USB: Universal Serial Bus
UTP: Unshielded Twisted Pair
VLAN: Virtual local area network
VoIP: Voice over IP
VPN: Virtual private network
VTC: Video Teleconferencing
WAF: Web-Application Firewall
WAP: Wireless Access Point
WEP: Wired Equivalent Privacy
WIDS: Wireless Intrusion Detection System
WIPS: Wireless Intrusion Prevention System
WPA: Wi-Fi Protected Access
XSRF: Cross-Site Request Forgery
XSS: Cross-Site Scripting
7.0 50 FireFox Pentesting AddOns
As an information security professional, knowledge of how to use these tools is obviously a critical skill
you must have.
OK! So we all love Firefox right? Good – because this list came from their addons section!
1. Access Me
The first tool on our list is called “Access Me” which examines vulnerabilities in applications. This allows
a pentester/ethical hacker etc. to access network or computer system resources without being
authenticated. In short, Access Me is used to test for Access vulnerabilities.
2. JavaScript Deobfuscator
This pentesting addon tells you what JavaScript files are running within an HTML page or other, even if it
is obfuscated and generated elsewhere. Simply open the JavaScript Deobfuscator app from the Firefox
Tools menu and watch the scripts being compiled or executed. Kinda similar to NoScript. Should add that
if this addon is on all the time then all code will render slower so you are best advised to only use it when
you need it.
3. SQL Inject ME
Good ole SQL Injection vulnerabilities can cause a lot of damage to a web application as any good
pentester will tell you. A malicious user can possibly view records, delete records, drop tables and
basically go ahead and gain access to your server. SQL Inject-Me tests for this – i.e. SQL Injection
vulnerabilities.
4. FoxyProxy
FoxyProxy is an old hat, been around for a while now. There is tons of help on setting this up – just hit up
YouTube and take a look. For the complete newbies reading this, FoxyProxy is an advanced proxy
management tool that can replace Firefox’s proxying capabilities (which are pretty limited). There are others
out there, such as SwitchProxy, QuickProxy or the infamous TorButton.
5. Key Manager
This pentesting tool allows for Key Generation, Certificate Enrolment and Authority Delegation. In
summary you can see encryption keys that are generated when you visit secure websites. You can also create
your own encryption keys.
6. Selenium IDE
Got to be honest about this one, we don’t know too much about it. More detailed info here about
Selenium IDE, but what we can tell you is what we read elsewhere, i.e. that this addon “is an integrated
development environment for Selenium scripts. It is implemented as a Firefox extension, and allows you
to record, edit, and debug tests.”
7. CookieSwap
This addon does exactly what its name suggests. From a pentester's point of view, being able to change
your cookies allows you to identify and understand how sites treat you differently depending on who
you are. For example, if a travel site recognizes you as a returning customer they give you a page
showing similar flight choices. Google uses ‘Personalized Search’, where they modify their search
results based on your personal identity. So if you have a Google account then you’ll be treated to a
‘Personalized Search.’ CookieSwap allows you to be anonymous. Quite a nice tool for those interested in SEO
since Search Engine Results can differ.
8. FoxySpider
FoxySpider is a web crawler! This tool scrapes websites to find what you want. The tool can scan for
videos, images, PDFs etc. FoxySpider displays the located items in a well-structured thumbnail gallery for
ease of use.
9. OSVDB
This tool hits the Open Source Vulnerability Database Search and gives you known security
vulnerabilities. The community is great and stemmed from the Black Hat conferences. This is one of the
best addons in our opinion.
10. Tamper Data
Tamper Data acts as a proxy in a MITM way – by inserting itself between the user (client) and the web
site or application. This tool allows the IT security professional to investigate all elements of HTTP –
especially all the GETs and POSTs that can be manipulated without the constraints imposed by the user
interface normally seen in the browser.
11. Domain Details
Its name says it all – this is a nice and simple addon because it displays the server type, headers, precise
IP address and location and whois.
12. Live HTTP Headers
If you're interested in headers then also take a look at Tamper Data (a few above this one). Live HTTP
Headers shows headers of the actual page or application that you are browsing.
13. URL Flipper
URL Flipper allows the pentester to increment or decrement a section of a URL without having to manually
edit the string in the location field within FireFox.
14. Greasemonkey
This is a classic and a very popular addon – which allows you to manipulate a web page by using small bits
of JavaScript.
15. PassiveRecon
PassiveRecon provides IT security professionals with the ability to execute “packetless”
discovery of target resources utilizing publicly available information. Used with the Open Source
Vulnerability Database Search for maximum effect.
16. User Agent Switcher
The User Agent Switcher allows the switching of user agent data of a browser.
17. Groundspeed
Groundspeed allows security testers to manipulate the application user interface to eliminate possible
limitations and client-side restrictions that interfere with penetration testing.
18. Poster
This tool allows you to interact with web services and other web resources by showing HTTP requests,
entity body commands, and content type. See also Live HTTP Headers.
19. Firebug
Probably the best known addon in our 2013 Concise Courses Pentesting Firefox addon list. This addon
works well for developers, designers and Security Professionals equally since the user can edit, debug,
and monitor CSS, HTML, and JavaScript live in any web page. It is one of those apps that once you get
started with it you’ll always use it.
20. HackBar
This is one of our most highly recommended addons for Firefox. Hackbar is not an exploitation penetration
tool – rather, it helps you with your workflow. This toolbar will help to test SQL injections, XSS
holes and overall site security.
21. RESTClient
Similar to Live HTTP Headers, RESTClient supports all HTTP methods RFC2616 (HTTP/1.1) and RFC2518
(WebDAV). You can construct custom HTTP requests.
22. Wappalyzer
Wappalyzer identifies software on websites. Again, can be used with Open Source Vulnerability Database
Search.
23. Host Spy
Useful if you want to know if your neighbour is spitting out spam since you can see who is on the same IP
as you are.
24. Firecookie
Firecookie works alongside Firebug. Rather similar to SwapCookies, this addon creates and deletes existing
cookies.
25. HttpFox
Got to love this one. If you like Wireshark then this addon is your friend. HttpFox monitors and analyzes
all incoming and outgoing HTTP traffic between the browser and the web servers.
26. RefControl
You are able to create a list of sites, and the referrer that should be sent for each site. You can select
to send that referrer unconditionally or only for third-party requests. Alternatively, you can specify the
default behavior for any site not on your generated list.
27. XSS-Me
XSS-Me is a security pentesting exploitation tool designed to test for Cross-Site Scripting (XSS). The
addon looks for possible entry points for an attack against a system.
28. XSSed Search
Related to the addon above, this allows for the searching of cross-site scripting vulnerabilities at the
XSSed database.
29. Firesheep
This addon got a lot of publicity. This addon highlights HTTP session hijacking (when a hacker gets their
hands on a user’s cookies). There is a similar tool called FaceNiff for Android. As cookies are transmitted
over networks, this tool, which is a packet sniffer, can discover identities and allows the pentester to take
on the log-in credentials of the user or victim.
30. JSview
JSview allows you to access all JavaScript.
31. NoScript
Probably the best known addon within this list – NoScript provides massive protection to Firefox by denying
JavaScript, Java and other executable content. This protects against cross-site scripting attacks (XSS),
cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts. Pretty cool.
32. Proxybar
Similar to FoxyProxy. The user can change proxy.
33. Cookie Watcher
This tool probably helps the developer more than the pentester – because it can quickly wipe ‘session’
cookies. The main purpose of this though is to help identify cluster nodes by cookie values.
34. WOT
Another highly popular addon. The Web of Trust shows you “trusted sites” – from a pentester’s point of
view it allows for a snapshot of the credibility of backlinks or otherwise.
35. Google Site Indexer
This tool generates site maps based on Google queries which can be useful for both Penetration Testing
and Search Engine Optimization. The tool sends zero packets to the host making it anonymous.
36. refspoof
Allows for URL spoofing by pretending to originate from any site by overriding the URL referrer in an HTTP
request.
37. ShowIP
Shows the IP of the current page in the status bar. Also bundles info like hostname, ISP, country and the
city.
38. Packet Storm Search Plugin
This allows the ethical hacker or pentester to search the Packet Storm database for exploits, tools and
advisories.
39. Offsec Exploit-db Search
Allows for the ability to search the Exploit-db Archive – similar to the Open Source Vulnerability Database
Search addon.
40. Security Focus Vulnerabilities Search Plugin
Allows for the ability to search the Security Focus – similar to the Open Source Vulnerability Database
Search and Exploit-db Archive addons.
41. Cookie Watcher
Watch the selected cookie behavior direct in the status bar.
42. XML Developer Toolbar
This addon allows for XML Developer standard tools from within Firefox.
43. CipherFox
CipherFox allows you to view the specific SSL cipher that is being used to encrypt connections to a web
site. The addon displays the keysize of the cipher and also allows for RC4 to be disabled.
44. FlagFox
Similar to ShowIP, this addon displays a country flag for the location of a web server and other useful
information.
45. ViewStatePeeker
ViewStatePeeker decodes and displays viewstate contents of an *.aspx page.
46. CryptoFox
CryptoFox is an encryption/ decryption tool for cracking MD5 passwords. Great for pentesters and those
working in IT Security.
47. Server Spy
As the name suggests, this addon tells you the technology of the web server (Apache, Samba, IIS etc) of
the client you are working for.
48. Default Passwords
This addon searches the CIRT.net default password database.
49. Snort IDS Rule Search
This addon works with Snort’s open source network-based intrusion detection system (NIDS) which can
perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Take a look at
HttpFox if you are interested in this.
50. Header Spy
Similar to Live HTTP Headers – this addon shows HTTP Headers live on the status bar.
8.0 Salaries and Opportunities
Throughout 2012, the majority of chief information officers (CIOs) surveyed for the Robert Half
Technology IT Index and skills report said that finding skilled professionals posed a challenge. Research by
the US Bureau of Labor Statistics makes it easy to understand why: The need for such professionals is
growing.
Employment of database professionals, for example, is projected to grow 31% from 2012 to 20120 –
much faster than the average for all occupations. In addition, employment of information security
analysts is projected to grow 22% in the same period, faster than the average for all occupations.
Here are the projected salaries for 2013 (with the percentage change)
Source: Robert Half Technology 2013 Salary Guide
Data Security Analyst: $89,000 - $121,500 6.8% increase
Systems Security Administrator: $89,500 - $123,570 5.0% increase
Network Security Administrator: $89,750 - $123,500 5.7% increase
Network Systems Engineer: $93,500 - $123,250 5.6% increase
Information Security Manager: $108,000 - $149,750 4.4% increase
Research conducted for the Robert Half Technology 2013 Salary Guide indicates that the hiring
environment for technology talent is only going to become tougher for employers in the year ahead. The
pool of available candidates continues to shrink, while the demand for technology experts is climbing.
Competition is expected to be particularly fierce for professionals who can support mobile, big data,
cloud and virtualization initiatives. The candidates with high-demand skills may receive multiple job
offers – and most will be very selective when choosing an opportunity.
Meanwhile as businesses struggle to fill critical technology roles, existing staff members are being asked
to take on extra responsibilities. This can quickly overburden teams and, ultimately will remain essential
to success for employers. Hiring consultancy or temporary personnel can help fill the void and mitigate
the supply-and-demand imbalance that has become a trademark of the technology hiring environment.
9.0 CEH InfoSec Pathway continued
The CEH certification takes an unconventional look at the dark side of computer network security. It
gives everyday IT professionals an opportunity to understand the mindset, methodologies, and tools of a
hacker. IT pros who do not have an active interest in penetration testing should not automatically
discount this certification; CEH certification provides many levels of value for IT professionals.
10.0 300 InfoSec Interview questions
1 What is the extent of your web application development experience?
2 Aside from taking courses, what sorts of things have you done to become better qualified for
your pursuits as an IT Professional?
3 What port does ping work over?
4 What’s the difference between HTTP and HTML?
5 What does RSA stand for?
6 What conferences do you routinely attend?
7 How do you create SSL certificates, generically speaking?
8 What is meterpreter?
9 With regard to forensics, what is physically different about how the platters are used in a 3.5” and
a 2.5” HDD?
10 Describe the last program or script that you wrote. What problem did it solve?
11 What’s the difference between a router, a bridge, a hub and a switch?
12 What’s port scanning and how does it work?
13 What’s the better approach setting up a firewall: dropping or rejecting unwanted packets and
why?
14 Please describe the steps to be taken by a company implementing an ISMS framework.
15 Can we perform VA remotely?
16 What experience do you have with Data Loss Prevention (DLP)?
17 Are you a risk-taker? Would you risk our IT?
18 Give me an example of when you thought outside of the box. How did it help your employer?
19 Provide an example of a time when you successfully organized a diverse group of people to
accomplish a task.
20 Share an experience in which your understanding of a current or upcoming problem helped your
company to respond to the problem.
21 Provide an experience that demonstrates your ability to manage time effectively. What were the
challenges and results?
22 Share an experience in which you conducted a test of a product, service, or process and
successfully improved the quality or performance of the product, service, or process.
23 What is Spyware?
24 Can a page file hold sensitive data?
25 What do you see as the most critical and current threats affecting Internet accessible websites?
26 Is NT susceptible to flood attacks?
27 Are some Web server software programs more secure than others?
28 Have you worked with building and maintaining networks?
29 What makes you a good IT professional?
30 How does HTTP handle state?
31 I have just plugged in my network cable. How many packets must leave my NIC in order to
complete a trace route to twitter.com?
32 What is DES?
33 What papers have you written?
34 What is DNS Hijacking?
35 What is LDAP?
36 What are DCO and HPA?
37 Can DCO and HPA be changed?
38 Are there limitations of Intrusion Detection Signatures?
39 What are Linux’s strengths and weaknesses vs. Windows?
40 Please explain how the SSL protocol works.
41 Please explain how asymmetric encryption works
42 Please detail 802.1x security vs. 802.11 security (don’t confuse the protocols).
43 Why did you become (Certified Ethical Hacker) certified?
44 If we want to launch any new product or services in the market how will you perform risk
assessment?
45 How can you configure a network router from the CLI?
46 Is it possible to use packet filters on an NT machine?
47 What do you see as the most critical and current threats affecting Internet accessible websites?
48 Would you consider analyzing data or information a strength? How so?
49 Share an experience in which your attention to detail and thoroughness had an impact on your
last company.
50 How do you determine when to update virus protection systems?
51 Describe an effective method you have used to maintain permanent fleet cryptologic and
carry-on direct support systems.
52 Provide an example when you were able to prevent a problem because you foresaw the reaction
of another person.
53 How can I avoid computer viruses?
54 What is Stuxnet?
55 What is WireShark?
56 What do you see as challenges to successfully deploying/monitoring web intrusion detection?
57 What ports must I enable to let NBT (NetBios over TCP/IP) through my firewall?
58 Are server-side includes insecure?
59 In which area of networking do you consider yourself most competent and why?
60 What specific automated tools have you used to recover deleted files?
61 What exactly is Cross Site Scripting?
62 How would you build the ultimate botnet?
63 What is Triple DES?
64 What is the secret sauce to a Cisco command?
65 What are IDA and/or Olly?
66 Why is LDAP called Light weight?
67 What was ISO 17799 originally called?
68 What’s the difference between a threat, vulnerability, and a risk?
69 What is a Syn Flood attack, and how to prevent it?
70 Can a server certificate prevent SQL injection attacks against your system? Please explain.
71 What is stateful packet inspection?
72 During an audit, an interviewee is not disclosing the information being requested. How would you
overcome this situation?
73 How will you implement BCP
74 What are the ways to secure a Linux system?
75 What do you see as challenges to successfully deploying/monitoring web intrusion detection?
76 Provide an example when your ethics were tested.
77 Provide an example of when you were persistent in the face of obstacles.
78 What have you found to be the best way to monitor the performance of your work and/or the
work of others?
79 Share an experience in which your diligence of inspecting equipment, structures, or materials
helped you identify a problem or the cause of a problem.
80 Tell me about the last time you oversaw the work of someone else. How did you effectively
motivate, develop, and direct the worker(s)?
81 What is computer impersonation?
82 Where do I get patches, or, what is a Service Pack or a Hot Fix?
83 What is Authenticode?
84 Intrusion Detection and Recovery questions
85 What are the most important steps you would recommend for securing a new web server?
86 What should I think about when using SNMP?
87 How do I secure Windows 2000 and IIS 5.0?
88 Give two examples of things you’ve done on the job or in school that demonstrate your
willingness to work hard.
89 When solving a problem, tell me about the steps you go through to ensure your decisions are
correct /efective.
90 What’s the difference between stored and reflected XSS?
91 What is NMAP?
92 How is session management handled with both HTTP and HTTPS request/responses?
93 Have you hacked any system?
94 What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
95 Describe a time when you implemented defense in depth.
96 What areas does ISO 27001 and 27002 cover?
97 Cryptographically speaking, what is the main method of building a shared secret over a public
medium?
98 Your network has been infected by malware. Please walk me through the process of cleaning up
the environment.
99 Do you have a home lab? If so, how do you use it to perfect your skills.
100 What is NAT and how does it work?
101 Within the PCI-DSS sphere, what is a compensating control?
102 How will you take approval from management to implement security control.
103 Tell me about cross site request forgery and why should I care.
104 What are the most important steps you would recommend for securing a new web server? Web
application?
105 Name a time when your patience was tested. How did you keep your emotions in check?
106 Share an example of when you established and accomplished a goal that was personally
challenging. What helped you succeed?
107 Name a time when your creativity or alternative thinking solved a problem in your workplace.
108 Describe a time when you successfully persuaded another person to change his/her way of
thinking or behavior.
109 What are privileges (user rights)?
110 What is a SID (Security ID)?
111 What servers have TCP ports opened on a NT system?
112 Current Awareness of Security Issues questions
113 What are some examples of how you would attempt to gain access?
114 What are giant packets?
115 Is Windows NT susceptible to the PING attack?
116 What is the IIS Lockdown Tool?
117 What is the most difficult task you have performed or learned about with group policy with a
Windows Server?
118 Which do you prefer, Windows, Mac, or Linux and why?
119 What are the common defenses against XSS?
120 Describe a session fixation vulnerability and when it occurs.
121 What is the primary difference between traceroute on Unix/Linux and tracert on Windows?
122 What is the security threat level today at the Internet Storm Center (ISC)?
123 Have you released any worm/ trojan/ malicious code in the wild?
124 How will you determine if a file is packed or not?
125 Define an incident.
126 What’s the difference between Diffie-Hellman and RSA?
127 What kind of authentication does AD use?
128 What is a Man In The Middle attack?
129 What is a buffer overflow?
130 Who is ultimately responsible for classifying a company’s information: the Infosec Team or the
information owner?
131 How will you communicate VA and PT report to higher management?
132 What are the 7 layers of the OSI model?
133 If you were not using Apache as the reverse proxy, what Microsoft application/tool could you use
to mitigate this attack?
134 What are some long-range objectives that you developed in your last job? What did you do to
achieve them?
135 How would you rate your writing skills?
136 Share an experience in which you successfully modified computer security files.
137 Tell me about a time when you developed your own way of doing things or were self-motivated to
finish an important task.
138 What does this (X) IDS signature mean?
139 What is an ACE (Access Control Entry)?
140 What is a NULL session?
141 What is there to worry about Web Security?
142 How could you identify what the contents are of the hacked.htm file that the attacker is trying to
upload?
143 What is Rollback.exe?
144 What is the Microsoft Baseline Security Analyzer?
145 It is very important to build good relationships on the job, but sometimes it doesn’t always work
out.
146 If you can, tell me about a time when you were not able to build a successful relationship with a
difficult person.
147 What are you most proud of?
148 What’s the difference between symmetric and public-key cryptography?
149 What is Cross-site scripting (XSS)?
150 What kind of lab do you have at home?
151 Explain SOX, HIPAA, PCI and GLB (if applicable). What do you see as the most critical and current
threats affecting Internet accessible websites?
152 If I give you two DLLs of different versions, one has the vulnerability and another is patched for
that vulnerability then how will you find the vulnerability?
153 Do you have Rainbow tables?
154 What was the last training course you attended? Where? When? Why?
155 What is the difference between Encrypting and Encoding?
156 What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
157 What’s the difference between a Proxy and a Firewall?
158 Take me through the process of pen testing a system.
159 What are the most common application security flaws?
160 Please describe the process of evaluating and analyzing risks.
161 What is CSRF attack?
162 What is your vision for our security organization?
163 Tell me how you organize, plan, and prioritize your work.
164 Share a time when you willingly took on additional responsibilities or challenges. How did you
successfully meet all of the demands of these responsibilities?
165 Provide an example of a time when you were able to demonstrate excellent listening skills. What
was the situation and outcome?
166 Share an experience in which your ability to consider the costs or benefits of a potential action
helped you choose the most appropriate action.
167 Please share with me an example of how you helped coach or mentor someone. What
improvements did you see in the person’s knowledge or skills?
168 Share an experience in which you used new training skills, ideas, or a method to adapt to a new
situation or improve an ongoing one.
169 What is an ACL (Access Control List)?
170 What is SRM (Security Reference Monitor)?
171 What is Shutdown.exe?
172 Are some operating systems more secure to use as platforms for Web servers than others?
173 I am new to the Internet and have been hearing a lot about viruses. I am not exactly sure what
they are. Can you help?
174 What is AFTP, NVAlert and NVRunCmd?
175 What online resources do you use to keep abreast of web security issues?
176 Can you give an example of a recent web security vulnerability or threat?
177 What are three characteristics of a good manager?
178 What are your best qualities when looking at your job experience?
179 In public-key cryptography you have a public and a private key, and you often perform both
encryption and signing functions. Which key is used for which function?
180 In a public key infrastructure (PKI), the authority responsible for the identification and
authentication of an applicant for a digital certificate (i.e., certificate subjects) is called what?
181 What is a Buffer Overflow?
182 What do you see as challenges to successfully deploying/monitoring web intrusion detection?
183 What is the latest security breach you’re aware of?
184 What is dsniff?
185 Describe the last security implementation you were involved with.
186 What can protect you 100% from attack?
187 What’s the goal of information security within an organization?
188 What is Cross-Site Scripting and how can it be prevented?
189 What is vulnerability test and how do you perform it?
190 What is a false positive?
191 What actions would you take to change end user behavior towards InfoSec?
192 What is the difference between pen testing and vulnerability assessment?
193 What do you think about security convergence and its effect on our company?
194 Share an effective method you have used to prevent violations of computer security procedures.
195 Provide a time when you dealt calmly and effectively with a high-stress situation.
196 Provide a time when you worked in a rapidly evolving workplace. How did you deal with the
change?
197 Describe an effective method you have used to ensure functioning of data processing activities
and security measures.
198 Share an experience in which personal connections to coworkers or others helped you to be
successful in your work.
199 Provide an experience in which your ability to actively find ways to help people improved your
company or your own work ethic.
200 What makes a strong password?
201 What is SAM (Security Account Manager)?
202 What is CryptoAPI?
203 Are CGI scripts insecure?
204 What is the security threat level today at the Internet Storm Center (ISC)?
205 There are a number of things to do to get better security on remote connections
206 Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy
for is a Windows IIS server. What does the log entry suggest has happened?
207 Tell us about a time when you took responsibility for an error/mistake and were held personally
accountable.
208 What kind of network do you have at home?
209 What’s the difference between encryption and hashing?
210 What is a NOP Sled?
211 What are the most important steps you would recommend for securing a new web server?
212 Can a Virtual Operating System be compromised?
213 Have you ever used FTK, Encase, dc3dd, dd_rescue or dcfdd?
214 Design a RADIUS infrastructure for 802.11 security and authentication.
215 How exactly does traceroute/tracert work at the protocol level?
216 Are open-source projects more or less secure than proprietary ones?
217 What’s the difference between symmetric and asymmetric encryption?
218 What are the latest threats you foresee for the near future?
219 What is ISO 27001 and why should a company adopt it?
220 How do you ensure a secure software development?
221 What are the best practices to be followed?
222 What is the security implication of using mobile devices for enterprises?
223 How do you sell security to other executives?
224 Name a time when you identified strengths and weaknesses of alternative solutions to problems.
What was the impact?
225 Share an example of when you went above and beyond the “call of duty”.
226 Provide a successful method you have used to monitor the use of data files and regulate access to
safeguard information in computer files.
227 Share an effective method you have used to ensure system security and improve server and
network efficiency.
228 How do you promote security awareness?
229 Please share an experience in which you successfully taught a difficult principle or concept. How
were you able to be successful?
230 Describe an experience in which your ability to work well with others and reconcile differences
helped your company or employer.
231 How can I avoid Spyware?
232 What is an access token?
233 How do we “lock down” a new system?
234 What general security precautions should I take?
235 What is LSA (Local Security Authority)?
236 Can I grant access to someone to view or change the logfiles?
237 What applications can generate log files?
238 What do you know about our company and why are you interested in working/interning with us?
239 Can an attacker place a virus within BIOS?
240 What is a Certificate Authority?
241 What is CHAP: Challenge Handshake Authentication Protocol?
242 What is a Cyclical Redundancy Check?
243 What is a Certification Revocation List?
244 Can a distributed denial of service be prevented?
245 What are the Digital Encryption Standards?
246 What is a Dynamic Host Configuration Protocol?
247 What is a Dynamic Link Library?
248 What is a demilitarized zone?
249 Explain what exactly a Domain Name Service (Server) is?
250 How do you make a disaster recovery plan?
251 What is a Digital Signature Algorithm?
252 What is the Extensible Authentication Protocol?
253 What is a Elliptic Curve Cryptography?
254 Can all file systems be encrypted?
255 What is a Electromagnetic Interference?
256 What is an Encapsulated Security Payload?
257 Is the File Transfer Protocol a hack-proof protocol?
258 What is a Hashed Message Authentication Code?
259 What is the difference between IPv4 and IPv6?
260 Do you ever use Internet Relay Chat?
261 ISP: Internet service provider?
262 What is the Lightweight Directory Access Protocol?
263 What is Mandatory Access Control?
264 What is the Master Boot Record?
265 What is the Message Digest 5?
266 What is the Microsoft Challenge Handshake Authentication Protocol?
267 What is the Maximum Transmission Unit?
268 What is a Network Based Intrusion Detection System?
269 What is the National Institute of Standards & Technology?
270 What is a network operating system?
271 What is the New Technology File System?
273 What is the Open Vulnerability and Assessment Language?
274 What is the Password Authentication Protocol?
275 What is the Port Address Translation?
276 What is the Private Branch Exchange?
277 What is the Protected Extensible Authentication Protocol?
278 What is a Personal Electronic Device?
279 What is Pretty Good Privacy?
280 What does Personally Identifiable Information mean?
281 What is a Public Key Infrastructure?
282 Explain the Point-to-point Protocol?
283 Explain the Point to Point Tunneling Protocol?
284 What is a Pre-Shared Key?
285 What is a Recovery Agent?
286 What is Rapid Application Development?
287 What is a Remote Authentication Dial-In User Service?
288 What is Rapid Application Development?
289 What is a Redundant Array of Inexpensive Disks?
290 What is Role-Based Access Control?
291 RSA: Rivest, Shamir, and Adleman?
292 What is a Real-Time Transport Protocol?
293 What are Secure Multipurpose Internet Mail Extensions?
294 Explain Software as a Service?
295 What is the Security Content Automation Protocol?
296 What is a Small Computer System Interface?
297 What is a Software Development Life Cycle?
298 How does a Secure Hashing Algorithm work?
299 What is the Secure Hypertext Transfer Protocol?
300 What is a service-level agreement?
11.0 Thirteen Interview No-No’s!
Some say that thirteen is considered unlucky because traditionally that is how many steps led to the
gallows. So with infamous honor to that theory we thought to list thirteen interview faux-pas.
This list was compiled via materials published by IT staffing firms such as TEKsystems, Robert Half
Technology, as well as companies in the telecom and energy industries.
Mistake #1: Not researching your prospective employer ahead of the interview.
Very obvious but very vital. Every company has, or should have, a Unique Selling or Service Proposition,
so understand what that is. Better still – compare the company to their competition and understand how
the future looks, in your opinion, for your potential competitor.
Mistake #2: Not being completely on top of IT fundamentals needed for the job opening.
Clearly you should not be going for an interview for a position you are neither qualified for nor
understand; you will just be wasting your time and theirs. Brush up on the fundamentals for the position and
be an expert on them.
Mistake #3: Listing every technology buzzword on your resume and not being able to speak to it in detail during your interview.
Don’t BS or exaggerate. Only list your hands-on experience; honesty is the best policy.
Mistake #4: Only speaking “geek” to non-geeks involved in the hiring process.
Don’t expect that everyone in the room is a guru or works in IT. Recognize your audience and speak
accordingly, using non-technical language when talking with human resources representatives, for example.
Your audience will likely want to see how you solve problems and the language you would use with a
colleague in, say, the marketing department, who might know zip about IT.
Mistake #5: Not admitting what you don’t know.
If you don’t know the answer to a technical question, admit it and show that you know how to acquire the
needed information. Don’t be a smart-ass. It’s not possible to know everything in IT – not even Bill Gates or
Kevin Mitnick know everything.
Mistake #6: Running late for the interview.
No need to explain this one. Just be prepared.
Mistake #7: Coming to the interview without a printed copy of your resume and your references.
Come prepared and ready for next steps and make sure you spell check your resume and scrutinize its
layout since a well-designed, typo-free resume shows that a candidate has good attention to detail.
Mistake #8: Bad-mouthing your old boss, coworkers or place of employment to the interviewer.
Just don’t do it.
Mistake #9: Coming across as arrogant.
Know the difference between confidence and arrogance. Speak about specific accomplishments and use
concrete examples, while making it clear to the interviewer when something was a team effort.
Mistake #10: Dressing unprofessionally, not making eye contact with the interviewer and/or slouching during the interview.
Dress professionally. Even if the job isn’t going to require you to wear a tie and jacket,
it’s not a bad thing to still show up that way. Make sure your body language (your eye contact and your
posture) demonstrates that you are interested and alert. Eye contact is critical because that’s how you
are going to quickly establish trust with the people interviewing you.
Mistake #11: Conveying nervousness and desperation during the job interview.
Relax and sell the interviewer on your skills and qualities. Make no mention of personal finance issues.
Don’t talk about how hard you’ve been searching, how many interviews you’ve gone on, and how you
really, really want this job.
Mistake #12: Not closing the interview.
Emphasize how much you’d love to join the firm, or ask what the next step in the process will be at the
end of an interview. Technology professionals typically don’t like to ‘sell’ themselves, but by not
taking these steps, you might risk appearing unenthusiastic about the job.
Mistake #13: Telling the IT hiring manager you are the “perfect” candidate.
Speak clearly and boldly about what skills and qualities you can bring to the job, and convey your interest
in joining the company, but don’t overreach.
