@morpheuslord
Created February 18, 2025 11:33

1. Cryptography (Highest Likelihood Topics)

  • AES Encryption & Block Ciphers
    • What are the four main primitives in a round of AES?
    • What is a block cipher mode? Describe one mode and its properties.
  • Public-Key Cryptography & Key Exchange
    • Why is authentication necessary in Diffie-Hellman key exchange?
    • What is a downgrade attack in cryptographic protocols? How can it be prevented?
  • Digital Signatures & Certificates
    • Compare HMAC-SHA3 with RSA-based digital signatures in terms of security properties.
    • What is a digital certificate, and how is it used in HTTPS?
  • Hash Functions & Security Properties
    • What are the key security properties of cryptographic hash functions?
    • How does SHA-3 address weaknesses found in SHA-1?
  • One-Time Pad & Symmetric Encryption
    • Explain the concept of a One-Time Pad and its advantages and disadvantages.

2. Software Security (Highest Likelihood Topics)

  • Buffer Overflows & Memory Corruption
    • How can an attacker exploit a buffer overflow vulnerability in C programs?
    • What are stack canaries, and how do they prevent buffer overflow attacks?
  • Return-Oriented Programming (ROP) & Code Execution
    • What is ROP, and how can it be used to bypass security protections?
    • Explain how attackers manipulate memory layout to execute arbitrary code.
  • Address Space Layout Randomization (ASLR) & Mitigations
    • How does ASLR protect against memory corruption vulnerabilities?
    • What are the limitations of ASLR?
  • Heap-based Exploits
    • What is a heap-based overflow, and how can it be exploited?
    • Describe a mitigation technique for heap-based vulnerabilities.

3. Web Security (Highest Likelihood Topics)

  • SQL Injection & Database Exploitation
    • What is SQL Injection, and how can it be prevented?
    • Convert a given vulnerable SQL query into a secure, parameterized statement.
  • Cross-Site Scripting (XSS)
    • What is a server-side persistent XSS attack? Provide an example.
    • How does Content Security Policy (CSP) help mitigate XSS attacks?
  • Cookies & Authentication
    • What is a cookie, and why is it necessary for web applications?
    • What security attributes can be set on cookies to prevent attacks?
  • DNS Security & Attacks
    • What is DNSSEC, and what are its three main security goals?
    • Explain how DNS poisoning works and how it can be mitigated.

4. Network Security (Highest Likelihood Topics)

  • Denial-of-Service (DoS) & Distributed DoS (DDoS)
    • What is an amplified DDoS attack, and how does it work?
    • What is a Slowloris attack, and how does it differ from traditional DoS attacks?
  • Firewalls & Network Protection
    • How does a firewall work, and what are the differences between a Packet Filter (PF) and a Stateful Inspection Firewall (SIP)?
    • How does a firewall prevent unauthorized access?
  • Virtual Private Networks (VPNs) & Onion Routing
    • What is the difference between VPNs and onion routing (Tor)?
    • What is a Tor bridge, and how does it help bypass censorship?
  • Intrusion Detection Systems (IDS)
    • What are the basic assumptions behind Intrusion Detection Systems?
    • Explain the differences between signature-based and anomaly-based IDS.

5. Usable Security & Anonymity (Highest Likelihood Topics)

  • Biometric Authentication & Security
    • What are the most important weaknesses of static biometrics?
    • Why is fallback authentication crucial for security?
  • Privacy & Anonymity on the Internet
    • What is an anonymity set, and how does it improve privacy?
    • What is steganography, and how can it be used in real-world applications?
  • Tor & Onion Routing
    • How does circuit construction work in Tor?
    • How does Tor protect against ISP eavesdropping?
  • Secure Authentication Methods
    • What is the most secure authentication mechanism for smartphones?
    • How do OTP generators work, and why are they useful for two-factor authentication?

Key Takeaways:

  • Cryptography will likely include AES, public-key cryptography, digital signatures, and hash functions.
  • Software Security will focus on buffer overflows, ROP attacks, ASLR, and heap-based vulnerabilities.
  • Web Security will emphasize SQL Injection, XSS, CSP, and cookie security.
  • Network Security will highlight DoS/DDoS attacks, VPNs, firewalls, and intrusion detection systems.
  • Usable Security & Anonymity will involve biometrics, Tor, anonymity sets, and authentication mechanisms.