FlyNavy
10-22-2015, 09:17 AM
So when I get a new guy into the cyber shop, here are some of the basic things I ask them to gauge where they're at. I don't expect them to know all of these, but I expect a few and for them not to outright panic.
- Write down the OSI model and give me an example of each layer (This knowledge is an absolute must)
- What's a ping, traceroute, and port?
(Bonus: Do certain services HAVE to run on certain ports?)
- What's the 3-way handshake?
- Explain to me how DNS works. From the time I type www.google.com into my browser, how do I actually land at the webpage?
- What's Encryption, what's Hashing, and when would I use them?
(Bonus: what's "salting" and why would I use it?)
- What's the difference between a vulnerability and an exploit?
- Draw and explain the PKI model
(Bonus: Can you tell me the difference between symmetric and asymmetric encryption?)
- What's more secure, SSL or HTTPS?
(Hint: This is a trick question, but explain why)
- What's a Botnet?
(If you can explain what a botnet is, my follow up question would be "how would you build your ultimate botnet". This one's more advanced though and I don't expect new guys to get it. I've never seen a new guy start spouting off about DGA, rotating encryption, steganography, alternate data streams, etc. Again, this is just to judge their base knowledge and it's fine if they have no idea what I'm talking about).
- If I get "root", what am I saying? Should everyone be root? Why/why not?
==================================================
So again, I really don't expect new guys to get all of these by any means. Those later ones are some that even guys who've been here for a year might not get. The point is to gauge their level of knowledge, since some guys come in without a background and other guys were poppin' shells at 15.
If you can at least answer a few of these (you can google every single one of these and learn it) then you'll start to develop a base knowledge and also start to understand how InfoSec works and how to go about thinking about different problems.
I'll be down in Pensacola probably starting next week and be there for about a month. If you wanna meet up, grab some pizza or something, we can meet up and I have no problem teaching you some basics. Shoot me a message if you're interested and I'll send you my number.
/r
CTT1
- Write down the OSI model and give me an example of each layer (This knowledge is an absolute must)
- What's a ping, traceroute, and port?
(Bonus: Do certain services HAVE to run on certain ports?)
- What's the 3-way handshake?
- Explain to me how DNS works. From the time I type www.google.com into my browser, how do I actually land at the webpage?
- What's Encryption, what's Hashing, and when would I use them?
(Bonus: what's "salting" and why would I use it?)
- What's the difference between a vulnerability and an exploit?
- Draw and explain the PKI model
(Bonus: Can you tell me the difference between symmetric and asymmetric encryption?)
- What's more secure, SSL or HTTPS?
(Hint: This is a trick question, but explain why)
- What's a Botnet?
(If you can explain what a botnet is, my follow up question would be "how would you build your ultimate botnet". This one's more advanced though and I don't expect new guys to get it. I've never seen a new guy start spouting off about DGA, rotating encryption, steganography, alternate data streams, etc. Again, this is just to judge their base knowledge and it's fine if they have no idea what I'm talking about).
- If I get "root", what am I saying? Should everyone be root? Why/why not?
==================================================
So again, I really don't expect new guys to get all of these by any means. Those later ones are some that even guys who've been here for a year might not get. The point is to gauge their level of knowledge, since some guys come in without a background and other guys were poppin' shells at 15.
If you can at least answer a few of these (you can google every single one of these and learn it) then you'll start to develop a base knowledge and also start to understand how InfoSec works and how to go about thinking about different problems.
I'll be down in Pensacola probably starting next week and be there for about a month. If you wanna meet up, grab some pizza or something, we can meet up and I have no problem teaching you some basics. Shoot me a message if you're interested and I'll send you my number.
/r
CTT1