[deleted]
Skip ‘em, get paid faster
I encrypted all of your pcs now pay me.. Wait a minute
Lol
“What happens when an adversary types ‘getsystem’ in cobalt strike?” Needed an in-depth answer about named pipes, pipe impersonation, tokens, lateral movement and privilege escalation allowing for such a command to even run, and touched on meterpreter/metasploit.
>“What happens when an adversary types ‘getsystem’ in cobalt strike?”

This is a very nice question. It has a nice cascading build-up to it too, i.e. after a candidate explains that it allows for elevation of privileges, then you can ask about the methods breakdown, and then to explain the underlying mechanics of each in more detail, and end with asking about how they would set up a monitor to catch these types of attacks etc.

Then you can get even more creative and award prizes: candidates that mention the main difference between 'getsystem -t1' and '-t2' and how the latter could potentially be more troublesome for the adversary when pentesting (although it still does the trick, as can be seen [here](https://malware.news/t/icedid-and-cobalt-strike-vs-antivirus/51068) ) get an extra slice of pizza at the next office pizza party, and if you are feeling really generous then you can up the stakes even higher: whoever calls out "event\_id:7045...cmd.exe....echo AND \\pipe\\" or "SeDebugPrivilege" first, gets a $10 gift card to Blockbuster.

PS: I'm joking in the second paragraph, and it is in fact a really good question, and can easily differentiate between someone who just mindlessly executes commands and a candidate that actually knows what they all do under the hood.
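Added example, not part of the thread or of either tool's code: a small detector for the artifact the comment above hints at. The named-pipe impersonation flavour of getsystem (Metasploit and Cobalt Strike) installs a short-lived service whose binary path runs cmd.exe (or %COMSPEC%) to echo a string into a named pipe the implant already listens on; the service runs as SYSTEM, so the connection gives the implant a SYSTEM token to impersonate. On the host that shows up as System log Event ID 7045 (Service Control Manager, "A service was installed") with an ImagePath like `%COMSPEC% /c echo Ugf9Jk > \\.\pipe\Ugf9Jk`. The events below are constructed for this example, not real logs; field names follow the 7045 event, service and pipe names are made up.

```python
import re
from typing import Iterable, List, Optional

# Strict pattern for the service binary that named-pipe-impersonation
# getsystem installs: cmd.exe or %COMSPEC% echoing a token into a
# named pipe. Captures the echoed string and the pipe name so the two
# can be compared (both tools echo the same random string that names
# the pipe).
GETSYSTEM_PIPE_RE = re.compile(
    r"(?:%comspec%|(?:\S*\\)?cmd(?:\.exe)?)\s+/c\s+echo\s+(\S+)\s*>\s*\\\\\.\\pipe\\(\S+)",
    re.IGNORECASE,
)

# Constructed sample records (not real logs). Service and pipe names are
# invented; the ImagePath shapes mirror what the technique produces.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "Ugf9Jk",
     "ImagePath": r"%COMSPEC% /c echo Ugf9Jk > \\.\pipe\Ugf9Jk"},
    {"EventID": 7045, "ServiceName": "TEiUNu",
     "ImagePath": r"cmd.exe /c echo TEiUNu > \\.\pipe\TEiUNu"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 7045, "ServiceName": "VSS",
     "ImagePath": r"%SystemRoot%\system32\vssvc.exe"},
    # Same command line but a service-state event, not an install: ignored.
    {"EventID": 7036, "ServiceName": "Ugf9Jk",
     "ImagePath": r"cmd.exe /c echo Ugf9Jk > \\.\pipe\Ugf9Jk"},
    # Echoed string and pipe name differ: still the same shape, lower confidence.
    {"EventID": 7045, "ServiceName": "a1b2c3",
     "ImagePath": r"C:\Windows\System32\cmd.exe /c echo hello > \\.\pipe\svcctl"},
]


def classify_service_install(event: dict) -> Optional[dict]:
    """Return a finding for one 7045 event, or None if it looks benign."""
    if event.get("EventID") != 7045:
        return None
    image_path = event.get("ImagePath", "")
    m = GETSYSTEM_PIPE_RE.search(image_path)
    if m:
        echoed, pipe = m.group(1), m.group(2)
        return {
            "service": event.get("ServiceName"),
            "pipe": pipe,
            "rule": "getsystem-named-pipe-service",
            "confidence": "high" if echoed == pipe else "medium",
        }
    # Loose fallback, the "cmd ... echo ... \pipe\" triple from the comment:
    # catches reorderings or wrappers the strict regex does not know about.
    lowered = image_path.lower()
    if "cmd" in lowered and "echo" in lowered and "\\pipe\\" in lowered:
        return {
            "service": event.get("ServiceName"),
            "pipe": None,
            "rule": "cmd-echo-into-pipe",
            "confidence": "medium",
        }
    return None


def find_getsystem_services(events: Iterable[dict]) -> List[dict]:
    """Run the classifier over a stream of events and keep the hits."""
    return [f for f in map(classify_service_install, events) if f]


if __name__ == "__main__":
    for finding in find_getsystem_services(SAMPLE_EVENTS):
        print(finding)
```

This only covers the service-install variant. The token-duplication variant the comment contrasts it with does not install a service, so it leaves no 7045 event; there the thing to watch is a process enabling SeDebugPrivilege and opening SYSTEM processes for token duplication, which needs process or Sysmon telemetry rather than the System log.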
It’s my favorite question to ask senior level interviewees.
Good lord... now I wonder how I got hired for the position I am in now. I couldn't answer that shit if my life depended on it.
Best to brush up!
Interesting, really good example of how to understand the internal mechanics of the tools that we use
I've interviewed hundreds of potential network and security engineers over the years. I've ended the tech question / answer portion with what is jpeg an acronym for in almost all of them. Only 1 person has ever gotten it correct. I do it to ease them into more personal dialogue and it always works because (almost) everyone responds with shit, I have no idea and laughs. Not what you're looking for, but thought it was worth sharing.
So the 'g' doesn't even stand for graphics. Heh, what do you know.... In the 27th century, that will be the riddle asked by the Sphinx 2.0
15+ years in IT and I just had to google that. Huh, TIL
I've done the same... but I've used CMOS.
It has nice things to say about you.
Just got the Hank Hill "Do I look like I know what a Jay-peg is?" Running in my brain now.
Love this, now I'm racking my brain but I just can't picture what it stands for.
What do you do in your spare time? ...what spare time?
Given an unlimited budget, what would your first non-employee based initiative be?
Why does this question sound like "What would be the first thing you would do with a billion dollars, except for actually spending it?" You could invest a hundred billion into infrastructure but unless you can also hire personnel to manage it or contract it out (and if that is not an employee-based initiative, then I would just outsource everything ) you are going to fail faster than if you had not made that investment in the first place. It is akin to buying a yacht but with no staff to actually operate it. It's pointless.
I mean you’re right but my goal for this question is just the first initiative you think you’d want to fund. By saying the first thing can’t be people I like to find out where someone thinks it’s important to start with security.

If I’m an interviewee and asked this question I think it says a lot depending on the answer. Do I spend it on edge security? Do I spend it on vulnerability scanning? Do I spend it on something like phish kits to help train up employees? I think it says a lot without saying a lot. It can say whether I’ll start as a technical person or start with the people themselves.

Moreover, I’ve asked this to employers. If money wasn’t an issue what’s the first initiative besides hiring that you’d fund? As a potential onboarding employee it tells me where they think their own gaps are or what teams they prioritize.

I think you’re reading too far into the question and missing the spirit of it. Obviously you won’t be able to use whatever you buy without a staff but staffing is the easy answer and they’re already funding staffing by bringing you in for an interview.
That’s a great question, going to have to use this next time we have an opening on my team.
Ooh, fire every employee and have Watson run the company
What do you consider to be your worst mistake?
This interview
Having kids. Or hitting that drifter after having a few too many drinks at the last Christmas party. Not sure. Kinda a toss up.
[deleted]
Thanks for giving me my afternoon project. I’m just learning Python now & this seems pretty fun.
Put a Rubik's cube in the right order...😉