rubinger Posted January 9, 2020 Share Posted January 9, 2020 hi everyone, I got an home assignment during an interview to a cyber role with the following questions, can you please me help with them. I would appreciate it if you could elaborate as much as possible. *You are a cyber attacker trying to grab a file from an employee’s machine (Windows machine). You only know the employee’s name. List all methods the attacker can try to achieve his goals. Please be verbose and provide as many details as possible. What specific cybersecurity solution/feature can block/prevent/detect each of these methods? How can attackers overcome these defenses? thank you Link to comment Share on other sites More sharing options...
Flatlinebb Posted January 9, 2020 Share Posted January 9, 2020 What have you come up with so far? Link to comment Share on other sites More sharing options...
rubinger Posted January 10, 2020 Author Share Posted January 10, 2020 hi, i dont know the answer for Q1 . for Q2 2 - install agent based defenses for anti virus, EDR, and phishing products, segment the network implement permissions. implement CDR and antivirus scan on incoming attachments. block hardware on the local workstations. Link to comment Share on other sites More sharing options...
Flatlinebb Posted January 10, 2020 Share Posted January 10, 2020 You can't really answer Q2 without answering Q1, since you don't know what penetration methods can be used. You just threw out some tech jargon and common tools, kinda "let's see what sticks" approach. And it sounds like you have no ideas for Q1, so why should you get this job? I would suggest you brush up on penetration techniques, specifically related to Windows and Active Directory. The following Google search yielded some really interesting articles that seem pertinent to what you are looking for: https://www.google.com/search?q=pentest+find+user+machine+from+employee+name&oq=pentest+find+user+machine+from+employee+name&aqs=chrome..69i57j33.9488j1j7&sourceid=chrome&ie=UTF-8 I especially enjoyed the article from https://hausec.com, which walks you through the process from the beginning. I'm not going to give you direct answers, since that would make me more qualified for this job than you. I also don't claim to have all the answers, but I'm not the one interviewing for a infosec job, as much as I would love a career change. I wish you luck on your job search and I hope you can gain the knowledge you need to do your job well and impress the interviewers. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.