@morpheuslord
Created February 18, 2025 11:30

1. Cryptography (Most Repeated)

  • What is a One-Time Pad? Provide the formula, an advantage, and a disadvantage.
  • What is a block cipher mode? Can you describe a mode of your choice?
  • Compare HMAC-SHA3 with RSA-based digital signatures in terms of integrity, confidentiality, and non-repudiation.
  • What are the four main primitives used in a round of AES? Provide their names and a one-sentence description of each.
  • Why is authentication of Diffie-Hellman key exchange parameters important?
  • Explain Kerckhoffs’s principle.
  • What is a digital certificate, and how is it used in HTTPS? Who issues and verifies it? What attacks can occur if certificates are not used?
  • What is a downgrade attack in cryptographic protocols, and how can it be prevented?

2. Software Security

  • What kind of attack is possible with the given C program (typically a buffer overflow scenario)? Provide a short input that will crash the program.
  • Assume an attacker has control over user input in a vulnerable C program. How can they exploit it? Describe the necessary steps.
  • Describe three common countermeasures to prevent buffer overflow attacks (e.g., stack canaries, ASLR, DEP).
  • What is return-oriented programming (ROP), and how can it be used in exploits?
  • How do canaries work in protecting against buffer overflows?
  • What are heap-based overflows, and how can they be mitigated?
  • How does Address Space Layout Randomization (ASLR) help against memory corruption vulnerabilities?

3. Web Security

  • What is a cookie, and why is it necessary? Describe its purpose and function.
  • What is the Same-Origin Policy (SOP), and why is it important?
  • What is SQL injection, and how can it be exploited? Provide an example.
  • Convert the given vulnerable SQL query into a secured, parameterized query.
  • What is a server-side persistent XSS attack? Provide an example.
  • What is DNSSEC, and what are its three main goals?
  • Explain how Content Security Policy (CSP) helps mitigate XSS attacks.

4. Network Security

  • What is a Denial-of-Service (DoS) attack, and what are two types of DoS attacks?
  • What is a firewall, and how does it decide which traffic to allow or block?
  • What is a VPN, and how does it differ from onion routing (e.g., Tor)?
  • What is a Tor bridge, and why would someone use it?
  • What is an onion service, and what does it protect against?
  • What is an amplified DDoS attack, and how does it work?
  • Explain how DNS poisoning attacks via response spoofing work.

5. Usable Security & Anonymity

  • What is the most secure authentication mechanism on modern smartphones? What is the threat model and use case?
  • What are the weaknesses of static biometrics? Provide three arguments.
  • What is the concept of an anonymity set? Provide an example.
  • How does circuit construction and communication work in Tor?
  • What is steganography, and how is it used? Provide an example.