Explain what a SQL injection is, including its history, common attack vectors, prevention methods, and real-world examples.
What is cross-site scripting? Provide a comprehensive explanation covering reflected, stored, and DOM-based XSS with code examples.
How does buffer overflow work? Give a detailed technical explanation with memory layout diagrams and exploitation techniques.
What is a MITRE ATT&CK technique? Explain the framework structure, tactic categories, technique IDs, and how they're used in threat modeling.
How does Kerberoasting work? Detail the attack flow, required tools, detection methods, and mitigation strategies.
Explain port scanning with Nmap. Cover SYN scans, UDP scans, version detection, OS fingerprinting, and scripting engine usage.
What is privilege escalation? Describe vertical and horizontal escalation, common Windows and Linux vectors, and defensive measures.
Describe a DNS spoofing attack. Include DNS cache poisoning, Kaminsky attack, DNSSEC mitigations, and detection techniques.
Explain ARP cache poisoning. Detail the attack mechanics, network topology mapping, man-in-the-middle setup, and prevention with DAI.
What is a reverse shell? Explain netcat, Meterpreter, and PowerShell reverse shells with connection methods and detection strategies.
How does phishing work? Cover spear phishing, whaling, business email compromise, payload delivery, and organizational defense training.
What is ransomware? Explain encryption mechanisms, C2 communication, ransom payment infrastructure, and recovery strategies.
Explain a DDoS attack. Cover volumetric, protocol, and application layer attacks with amplification techniques and mitigation services.
What is social engineering? Detail pretexting, baiting, tailgating, and quid pro quo attacks with psychological principles and defenses.
How does password cracking work? Cover dictionary, rule-based, rainbow table, and GPU-accelerated attacks with hashcat and John the Ripper.
What is a zero-day vulnerability? Explain discovery, exploitation, responsible disclosure timelines, and patch management strategies.
Explain man-in-the-middle attacks. Cover SSL stripping, certificate pinning, HSTS, and network-level interception techniques.
What is cryptojacking? Detail browser-based mining, compromised servers, resource detection, and organizational response procedures.
Describe a supply chain attack. Cover SolarWinds, dependency confusion, CI/CD pipeline compromise, and software bill of materials.
How does credential stuffing work? Explain account enumeration, proxy rotation, rate limit bypass, and credential monitoring services.
What is a botnet? Describe centralised vs P2P architectures, C2 protocols, Mirai-style IoT exploitation, and takedown strategies.
Explain directory traversal. Cover path traversal sequences, web server misconfigurations, encoding bypasses, and chroot mitigations.
What is remote code execution? Describe OS command injection, deserialization, and expression language injection with sandbox escapes.
Describe clickjacking. Explain UI redressing, frame-busting bypasses, X-Frame-Options, and Content-Security-Policy frame-ancestors.
How does session hijacking work? Cover session fixation, sidejacking, session prediction, and secure session management practices.
What is a rootkit? Explain kernel-mode vs user-mode, persistence mechanisms, detection tools like rkhunter, and boot integrity.
Explain drive-by downloads. Cover exploit kits, browser fingerprinting, payload staging, and browser hardening techniques.
What is a file inclusion vulnerability? Detail LFI and RFI with wrapper exploitation, log poisoning, and PHP filter chains.
Describe an XXE attack. Cover in-band, error-based, and blind XXE with OOB exfiltration, SSRF chaining, and XML parser hardening.
How does OS command injection work? Explain shell metacharacters, command chaining, input validation bypasses, and parameterized calls.
What is server-side request forgery? Describe internal port scanning, cloud metadata extraction, and network segmentation defenses.
Explain insecure deserialization. Cover Java, Python pickle, and PHP object injection with gadget chains and type-safe alternatives.
What is a race condition vulnerability? Detail TOCTOU attacks, file descriptor exploitation, and atomic operation requirements.
Describe integer overflow attacks. Cover signedness errors, truncation, and safe arithmetic libraries for prevention.
What is a side-channel attack? Explain timing, power analysis, and cache-based attacks with constant-time implementation defenses.
Explain timing attacks on cryptography. Detail key recovery via timing variation, blinding countermeasures, and constant-time algorithms.
What is a watering hole attack? Describe targeted website compromise, watering hole delivery, and threat hunting indicators.
Describe DNS tunneling. Cover dnscat2, iodine, data exfiltration techniques, DNS monitoring, and anomaly detection.
What is a pivot in network penetration testing? Explain tunneling, SOCKS proxies, SSH port forwarding, and lateral network mapping.
Explain lateral movement techniques. Cover Pass-the-Hash, WMI, PsExec, WinRM, and detection via event logging and honeypots.
What is a web shell? Describe common web shells, persistence mechanisms, detection through file integrity monitoring, and log analysis.
Describe a brute force attack. Cover credential spraying, password policies, account lockout, and adaptive authentication defenses.
How does WAF bypass work? Explain encoding tricks, HTTP parameter pollution, chunked transfer, and WAF rule development.
What is an evil twin attack? Detail rogue AP setup, captive portals, credential harvesting, and enterprise wireless security.
Explain bluejacking and bluesnarfing. Cover Bluetooth discovery, OBEX push, and Bluetooth security modes.
What is a VLAN hopping attack? Describe switch spoofing, double tagging, and VLAN segmentation best practices.
Describe MAC flooding. Explain CAM table overflow, port security, and sticky MAC configurations.
How does IP spoofing work? Cover raw sockets, SYN flood, reflection attacks, and ingress/egress filtering.
What is a pass-the-hash attack? Detail NTLM hash extraction, lateral movement, and Credential Guard protections.
Explain golden ticket attacks in Active Directory. Cover Kerberos TGT forgery, krbtgt hash extraction, and detection with Event ID 4624.