Page 5 of 6
Results 41 to 50 of 57

Thread: Pentester Interview

  1. #41
    Just burned his ISO | Join Date: May 2007 | Posts: 4

    I agree with daffyduc. Certifications get you in the good books of HR. But if you haven't learnt anything from your certifications, the IT interviewer will not select you.

  2. #42
    Junior Member | Join Date: Nov 2008 | Posts: 35

    Quote Originally Posted by Metahuman:
    I agree with daffyduc. Certifications get you in the good books of HR. But if you haven't learnt anything from your certifications, the IT interviewer will not select you.
    Very true! I have just interviewed 20 people; all were selected by HR.

    I ask them 2 questions:

    First, walk me through NTLM v1 authentication and what's passed between the client and server.

    Second, what are chains in relation to rainbow tables?

    No one's got the first question even close! A few have even asked what NTLM is.

    Also the info they get on the degrees looks to be a few years out of date.

  3. #43
    Member godcronos | Join Date: Jan 2010 | Posts: 103

    o0hex0o:
    Was this for a security professional position or for a network administrator?

  4. #44
    Junior Member | Join Date: Nov 2008 | Posts: 35

    The role is for a mobile device admin: design and test of builds of mobile devices, remote deployment of software and updates, etc.

    The last thing I want is someone deploying software or updates and not knowing what the implications for security are.

    The questions are more about an inquiring mind; if someone has taken the time to actually understand how things work, it shows a real interest in and understanding of the subject.

    Too many 'admins' today are just happy to click next, next, next or Google it; not many are able to work it out for themselves.

  5. #45
    Member godcronos | Join Date: Jan 2010 | Posts: 103

    I understand now! Nicely put "inquiring mind"..hmm.
    I had a feeling it was pentesting related. I could almost see a reason for the question, in that case.
    Not sure how many admins out there know the correct and full answer to that question, 'cause after managing servers, firewalls, dealing with users on a daily basis, making sure people you manage do their jobs, researching future technologies, dealing with corporate policies, managing your budget properly and other stuff like that, the last thing you want to know is what happens in the background when the user authenticates on his computer and how the server responds to the request.
    I think everyone forgets; that doesn't make them incompetent or unable to do their jobs. In the end I think knowing your stuff is important, but I think knowing where to find the information when you need it is just as important!

    Do you have a list of questions that you asked? I'd like to see a few of them, since I am just an inquiring mind.

  6. #46
    Super Moderator lupin | Join Date: Jan 2010 | Posts: 2,943

    Quote Originally Posted by o0hex0o:
    I ask them 2 questions:

    First, walk me through NTLM v1 authentication and what's passed between the client and server.

    Second, what are chains in relation to rainbow tables?

    No one's got the first question even close! A few have even asked what NTLM is.
    Holy irrelevant questions Batman!

    You asked those questions to someone who you were thinking of hiring as a mobile device administrator?

    Those are highly domain specific and only seem relevant for someone whose job would be to attack authentication systems. While I have studied both subjects myself, I would only be able to give you a general high-level answer to those questions without doing a little research first, and I work in IT Security. It's just not something I (or most people for that matter) work with every day, so it's not going to be something you remember without a little refresher.

    Even for someone who worked in IT Security those questions would be difficult, and the ability to answer them in detail would be largely irrelevant to the majority of jobs in the field. Someone who worked in another area of IT wouldn't have a hope of answering.

    If you want to check whether the person has an inquiring mind (which is a good goal), then you should ask questions relevant to their chosen field or job.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #47
    Member godcronos | Join Date: Jan 2010 | Posts: 103

    Lupin, you are funny!
    Holy irrelevant questions Batman!
    BTW, you are right too!
    I have a question for these interviewers.
    Before you put those questions on paper, do you also google around for the right answer, just in case you might have forgotten some things, while dealing with life and other IT bull that does not require you to know the correct and full definition of the term?
    I also think that since he ended up with 20 some people to interview, he was trying to separate the really good ones from the bad ones.

  8. #48
    Super Moderator lupin | Join Date: Jan 2010 | Posts: 2,943

    Quote Originally Posted by godcronos:
    Lupin, you are funny!
    I actually ripped off streaker69 with that Batman line. He posted a similar thing recently. Don't tell him OK?

    Quote Originally Posted by godcronos:
    BTW, you are right too!
    I have a question for these interviewers.
    Before you put those questions on paper, do you also google around for the right answer, just in case you might have forgotten some things, while dealing with life and other IT bull that does not require you to know the correct and full definition of the term?
    Yeah, that's a better question. It's more focused on how the person thinks rather than if they know some specific and very random technical detail.

    Quote Originally Posted by godcronos:
    I also think that since he ended up with 20 some people to interview, he was trying to separate the really good ones from the bad ones.
    The goal is fine but going about it by asking a question that no one with a particular chosen skill set is going to be able to answer wouldn't be my chosen approach.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  9. #49
    Member webtrol | Join Date: Jan 2010 | Posts: 113

    Long, long ago (about 5-6 years ago), when I was forced to help judge applicants, the main question that I asked was: "Tell me what you are working on right now." And then ask questions to see how advanced their understanding of that subject is (the victim.... I mean applicant, did choose the subject).

    Sin-cerely,
    Trol

  10. #50
    Very good friend of the forum hhmatt | Join Date: Jan 2010 | Posts: 660

    Quote Originally Posted by o0hex0o:
    I ask them 2 questions:

    First, walk me through NTLM v1 authentication and what's passed between the client and server.
    Not to mention dated and insecure.

    Quote Originally Posted by o0hex0o:
    Second, what are chains in relation to rainbow tables?
    Chains are irrelevant unless you're writing the software to build the tables.
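For readers who, like godcronos above, want to see what the "chains" interview question is actually getting at: the following is an added illustration, not code from anyone in this thread. It builds a toy rainbow table over a constructed 4-digit PIN space using truncated SHA-256 as the "hash" and a made-up reduction function, and shows why only chain endpoints need storing, why the step-dependent reduction matters, and why a per-user salt makes the precomputed table useless. All names, sizes and the reduction function are assumptions chosen for the demo.

```python
"""Toy rainbow-table chains (constructed example for illustration only).

Assumptions: the password space is the 10,000 four-digit PINs, the hash is
SHA-256, and R() is an arbitrary reduction function mapping a digest back
into the PIN space. Real tables use far larger spaces and tuned parameters.
"""
import hashlib

PIN_SPACE = 10_000   # "0000" .. "9999" (constructed toy space)
CHAIN_LEN = 50       # hash -> reduce steps per chain
NUM_CHAINS = 400     # number of starting points we precompute


def H(password: str) -> str:
    """The one-way function being attacked (plain, unsalted SHA-256)."""
    return hashlib.sha256(password.encode()).hexdigest()


def R(digest: str, step: int) -> str:
    """Reduction: map a digest back to *some* PIN. Mixing in the step index
    is what makes these 'rainbow' chains; it reduces chain merges compared
    to using one fixed reduction function for every step."""
    n = (int(digest[:12], 16) + step * 7919) % PIN_SPACE
    return f"{n:04d}"


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains; store only endpoint -> [starting points]."""
    table: dict = {}
    for i in range(num_chains):
        start = f"{(i * 25) % PIN_SPACE:04d}"   # spread the starting points out
        p = start
        for step in range(chain_len):
            p = R(H(p), step)                    # p_{k+1} = R(H(p_k), k)
        table.setdefault(p, []).append(start)    # intermediate values are NOT kept
    return table


def lookup(target_hash: str, table: dict, chain_len: int = CHAIN_LEN):
    """Find a preimage of target_hash if some chain covers it, else None."""
    # The target could sit at any position j of a chain; try each one.
    for pos in range(chain_len - 1, -1, -1):
        p = R(target_hash, pos)                  # as if target were H(p_pos)
        for step in range(pos + 1, chain_len):
            p = R(H(p), step)                    # walk on to the endpoint
        for start in table.get(p, []):           # endpoint matched: regenerate
            q = start
            for step in range(chain_len):
                if H(q) == target_hash:          # false alarms simply fall through
                    return q
                q = R(H(q), step)
    return None


def covered_fraction(table: dict, chain_len: int = CHAIN_LEN) -> float:
    """Fraction of the PIN space some chain actually passes through.
    Merges mean this is well below NUM_CHAINS * CHAIN_LEN / PIN_SPACE."""
    seen = set()
    for starts in table.values():
        for start in starts:
            q = start
            for step in range(chain_len):
                seen.add(q)
                q = R(H(q), step)
    return len(seen) / PIN_SPACE


if __name__ == "__main__":
    table = build_table()
    print("stored endpoints:", len(table), "coverage:", round(covered_fraction(table), 3))
    print("unsalted lookup:", lookup(H("0000"), table))
    # A per-user salt changes the input string, so nothing in the table applies.
    print("salted lookup:", lookup(H("s3cr3t" + "0000"), table))
```

The defensive takeaway is in the last two lines: the table is only ever valid for the exact unsalted function it was built against. A unique salt per stored credential (and, better, a deliberately slow KDF) forces any precomputation to be redone per user, which is why rainbow tables stopped mattering for properly stored passwords.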
