Hi, I have an interview for an InfoSec role at Google in a few weeks. I was using that gracenolan security engineer checklist that everyone uses from GitHub. I have been studying a lot of stuff from that list (and others not on the list) but still feel like I am missing some items on the to-do list. Can someone provide some insight into something I am missing that I HAVE TO KNOW? I have no idea what to expect for the system design round, so info on that would help a lot as well. Would love to DM someone if possible.

What I have studied so far:
- dns / zone transfers / axfr protocol / dnssec
- poisoning attacks (arp and dns)
- tcp vs udp
- osi model
- icmp
- sqli
- lfi / rfi
- tls/ssl & certificates / digital signatures
- asymmetric vs symmetric encryption
- https
- same origin policy & cors
- xss
- csrf
- hsts

Stuff I already feel decent about:
- anything burp suite related
- nmap & service enumeration
- exploit writing process (buff overflows and converting assembly to shellcode)
- need to brush up on ret-to-libc and rop chains
- pentesting process

To-do:
- how to secure lamp stack
- personal laptop hardening
- how does tor work
- design a botnet
- bgp
- how to securely deploy and scale an api
- sandbox escapes 101
- elf vs pe files
- executable protections (aslr, stack canaries, etc)

I know there is a lot more than this that COULD be covered, but I have no idea what I should really focus on first. Any guidance helps. Thank you all.

#securityengineer #security #infosec #google #redteam #meta
How does ssh work? (With all possible details)
jesus. if you fail google interview and want a startup job then DM for New
I have a similar list, maybe add Injection attacks (SQL, Command, Remote Code, File Upload vulnerabilities), Hashing (collisions/attacks/SHA256 vs MD5 (insecure)), securing passwords in applications and Windows/Unix, and parsing files in Python (find and sort log data) etc. IMO I would want to feel very comfortable with the last one for a Google interview.
Thank you. Those are all really good tips. I'll add that to the list. The one thing I didn't mention that I am reviewing now is Fuzzing. I'm anticipating questions on that for sure.
Good luck OP, let us know how it goes. I am also trying to interview with Google
Good luck to you too. DM me if you want to collab further.
Can I DM you to discuss some of these security topics?
Also interviewing with Google next week, 1st round. Which org?
Infosec
They have multiple…is it ISE org or Threat Detection org?
Some overlap with what you already have but I found this resource useful https://danielmiessler.com/study/infosec_interview_questions/
Thanks man!
Sharing my interview experience:
1. Why you shouldn't send passwords in a GET request?
2. SSL Handshake
3. Secure Code Review of a login functionality written in python. Find vulnerabilities, mitigations and how to implement it.
4. Simple python program (don't remember the question).
Wow you are a saint. Thanks my man.
Was all this in 45 minutes or multiple interviews?
Also doing an interview next week with ISE, if any of you guys go through with it and remember the questions they asked and want to help me out that would be awesome.
I'd be more inclined to help you out if you contributed to the conversation... maybe say some stuff you have studied or specific questions you have seen in other interviews...
lol totally my bad man, I've been going through firewall rules and whitelisting as I've heard that's a question they usually ask. Some others I've heard they ask are security questions like encryption/encoding, single link list vs double and explaining some processes like how to securely store a pwd in a db or how does a java program compile. As far as coding, I'm stumped, not sure what they are going to ask, so we'll see how that goes.
Did you give your interview? I am Preparing for my interview as well and would like to know what was asked in coding round.
How’s your preparation going so far? What are you focusing on in terms of security?
A friend told me they asked LC easy/med problems, might be good to brush up.
I was doing some of those as well. Any particular type of questions that you know of? Like dfs, bfs and trees, or like parsing and sorting data? I heard security doesn't deal much with data structures but I think that's wrong.
Goog asked me ds algo for security interview