How do you exploit an SSRF with only a DNS response?
Penetration Tester Interview Questions
341 penetration tester interview questions shared by candidates
1. Write an executive summary for a live report - so that we can learn the industry way of wording and doing this. 2. Write an Android testing methodology - so that we can use it internally for sales purposes or improve our existing one.
Everything, have your technical trivia ready. Tactics, ports OSI, tools, what you would do etc... it was almost as if my interview was a scam to ask me to tell them how to run their business. (but how else do you test someone on how to run the business?) One interesting interrogation chain was highly technical on adversarial work, a deep dive of tactics. And the 5 minutes I was afforded to ask my own questions I found out, "oh, we don't do that kind of work here"... Then why did you waste 20 minutes of both of our time on something you don't want to do? Was it a time waster to hide your culture issues?
Differenza dom / stored / reflected xss.
After your fist contact with our recruiter, what took you so long to apply officially? Almost 1 month later?
Nothing substantial, Interviewer's were not technical at all.
How do you exploit XXE vulnerabilities found within a web based application.
What is the first thing you would do upon getting access to an internal network?
Do you have experience with CTF?
What is you doing to test website from Vulnerabilities ?
Viewing 31 - 40 interview questions