1. I've turned my entire house into a faraday cage with EMI shielding paint and window film to mitigate wardriving and TEMPEST attacks. Each device is isolated on its own VLAN and the router only permits Internet traffic between the hours of 03:05 and 04:21.
2. I have working knowledge of ISO, SOXO, HIPPO, PHONO, BONO, and PORNO, but our org employs DFIU.
3. Vuln: there is no lock on the toilet lid.
Risk: my phone can fall into the toilet.
Threat: my 2yo has my phone in the bathroom.
4. I secure Windows and Linux servers by performing a 7-pass shred and then install TempleOS.
5. Network traffic that passes through materials that trap packets as small as 0.3 microbits is said to be filtered. When the filter material traps too many packets, the port may become fully blocked. Under these conditions "net flush" commands may result in an overflow.
6. Depends on the src and dst. If the ping request is e.g. coming from Japan and destined for the US, then the traffic could use the Port of Seattle, the Port of San Francisco, or even the Port of Los Angeles. Interstate packets use the standard Ports of Entry.
7. Dis Networked System needs a monitor in order to see what commands we're typing on the keyboard. Without a monitor we would not have visibility into the commands we run, which may result in type exceptions.
8. Trick question, they are literally all the same thing.
9. Probably with a SQL INSERT statement. Unless you're using a NoSQL database, in which case you'd use NoINSERT.
10. Salt is the flavor of people who are sick of infosec but cannot retire or are unable to transition out of infosec. They are weary from Twitter drama, charlatans, kiddies, and years of being repeatedly ignored. When enough salt accumulates, the person becomes crusty.
11. A rainbow table attack is when activists paint your tables in the middle of the night to look like Pride flags. This should not be viewed as an attack and similarly should not be prevented, as surprise rainbows are rad and we should respect "be gay do crime" culture.
12. Owasp is an ancient Kaiju similar to Mothra, but a wasp. Its top 5 vulnerabilities are its pronotum, thorax, mesoscutum, propodeum, and of course its tergites.
13. SQL injection is an antivirus that is administered subcutaneously. CSRF, aka "C Surf", is slang for reading the development manpages. Cross Site Scripting occurs when a developer copy/pastes scripts from another site such as StackOverflow.
14. SSL is Secure Sealion, a military grade fork of Firefox suitable for processing classified data and next-gen memes. HTTPS is the technical term for the "dark web," derived from the names of the top 5 items purchased on the dark web: hats, tater tots, pot, and soda.
15. Trick question, nothing new ever happens in cybersecurity. We've been dealing with the same three vulnerabilities for the past 30 years, we just sometimes give them new names.
Unfortunately that's all the interview questions I have time for, but I would like to mention before I go that I was referred to this position by @da_667.

So, did I get the job?

Keep Current with Jeremi M. Gosney
