Posts

Technical Interview Questions Network/Security Jobs

What is a register? https://whatis.techtarget.com/definition/register
What command would you use to view the last lines in a file? https://en.wikipedia.org/wiki/Tail_(Unix)
In computer networking, what is MTU? https://en.wikipedia.org/wiki/Maximum_transmission_unit
What is a Botnet? https://en.wikipedia.org/wiki/Botnet
What is MetaSploit? https://en.wikipedia.org/wiki/Metasploit_Project
What is Wireshark? https://en.wikipedia.org/wiki/Wireshark
What is Base64? https://en.wikipedia.org/wiki/Base64
What is the difference between hashing, encryption and encoding? https://cheapsslsecurity.com/blog/explained-hashing-vs-encryption-vs-encoding/ https://www.packetlabs.net/encryption-encoding-and-hashing/geeksforgeeks.org/encryption-encoding-hashing
Put the following layers in the correct order in the OSI model:
• Application layer
• Data link layer
• Network layer
• Physical layer
• Presentation layer
• Session layer
• Transport layer
https://en.wikiped

Interview with West London charity DanceWest

 Interview with West London charity DanceWest https://photojournalismhub.org/2021/01/14/wondering-about-west-london-issue4/ Twitter: @journothinker Instagram @journothinker

Interview with Carlos, Owner of Plumbing and Gas Boiler Services

https://photojournalismhub.org/wondering-about-west-london/  

Interview with Sarah Kleio - Dance Studio Business Owner, Richmond

https://photojournalismhub.org/wondering-about-west-london-issue2/  

Interview with Paola - Professional Dance Teacher, Choreographer, Actor and Events Organiser

https://photojournalismhub.org/wondering-about-west-london/  

Security researcher earns $15000 biggest bug bounty for Russian internet company giant Mail.Ru

Security researcher Ramazan (r0hack) discovered a blind (time-based) SQL injection in the https://city-mobil.ru website, caused by unsafe use of a GET parameter, and was awarded $15000 for the report. So far this is the largest bounty paid for a disclosed vulnerability in Mail.Ru, and the second biggest bounty awarded on the HackerOne bug bounty platform, behind only a single award of $20000.

Time-based SQL injection is an SQL injection technique in which the injected query forces the database to wait for a specified number of seconds before responding. The response time tells the attacker whether the injected condition evaluated to TRUE or FALSE, so data can be inferred one condition at a time even though the application never returns query results in its output.

Full details of the vulnerability have not yet been published by the researcher; more information can be found at https://hackerone.com/reports/868436. Mail.Ru is a major Russian internet company whose sites reach approxima

Slack vulnerability in the "Create snippet" feature can trick users to execute malicious filetypes

Slack's snippet feature allows users to quickly and easily share pieces of code, configuration files, or log files within their workspace. Researcher Kevin McSheehan discovered a bug in the snippet feature and reported it to Slack's bug bounty program. "They need to click on the file, so let's trick Slack into making it look benign. CSV should work," he said.

The issue, present in both the mobile and desktop versions of the app, allowed a malicious actor to disguise dangerous files as benign because of a flaw in the create snippet feature. The researcher found that by including a long file name and certain ASCII characters in the snippet content, an attacker could make Slack show the user that a .CSV file was being downloaded when the file was actually a .BAT executable.

Full details of the vulnerability can be found here - https://hack