Penetration Tester Interview

Comprehensive interview preparation for penetration testing roles, covering offensive security, vulnerability assessment, and ethical hacking techniques.

Technical Questions

Core technical questions specific to penetration testing and offensive security.

Reconnaissance

Q: How do you perform passive reconnaissance?

OSINT tools, DNS enumeration, WHOIS lookups, social media analysis

Q: What tools do you use for network scanning?

Nmap, Masscan, Angry IP Scanner, network discovery

Q: How do you identify web technologies?

Wappalyzer, builtwith.com, HTTP headers, response analysis

Q: Explain your approach to subdomain enumeration

DNS bruteforcing, certificate transparency, search engines

Exploitation

Q: How do you exploit SQL injection?

Union-based, boolean-based, time-based, error-based techniques

Q: What's your approach to privilege escalation?

Kernel exploits, misconfigurations, credential harvesting

Q: How do you handle WAF bypass?

Encoding techniques, alternative payloads, timing analysis

Q: Explain your experience with Metasploit

Exploit development, payload generation, post-exploitation

Tools & Techniques

Q: What's your favorite web application testing tool?

Burp Suite, OWASP ZAP, custom scripts, automation

Q: How do you automate reconnaissance?

Python scripts, bash automation, tool integration

Q: What's your experience with custom exploits?

Exploit development, shellcode, proof-of-concepts

Q: How do you stay updated with new techniques?

Blogs, conferences, CTFs, research papers

Methodology

Q: Walk me through your penetration testing methodology

Planning, reconnaissance, scanning, exploitation, reporting

Q: How do you scope a penetration test?

Asset identification, rules of engagement, timeline

Q: What's your approach to risk assessment?

CVSS scoring, business impact, exploitability

Q: How do you handle false positives?

Manual verification, proof-of-concepts, documentation

Practical Scenarios

Real-world scenarios to test your practical penetration testing skills.

Web Application Testing

Scenario: E-commerce site security assessment

Payment processing, user authentication, data protection

Scenario: API security testing

Authentication bypass, rate limiting, input validation

Scenario: Mobile app security

Reverse engineering, API analysis, data storage

Scenario: Cloud infrastructure testing

IAM misconfigurations, storage access, network security

Network & Infrastructure

Scenario: Internal network penetration

Lateral movement, privilege escalation, persistence

Scenario: Wireless network assessment

WiFi security, rogue access points, encryption

Scenario: Social engineering assessment

Phishing campaigns, physical security, awareness

Scenario: Physical security testing

Access control, surveillance, environmental controls

Tools & Frameworks

Essential tools and frameworks every penetration tester should know.

Reconnaissance Tools

  • Nmap
  • Recon-ng
  • theHarvester
  • Shodan
  • Maltego

Web Testing Tools

  • Burp Suite
  • OWASP ZAP
  • SQLMap
  • Nikto
  • Dirb

Exploitation Frameworks

  • Metasploit
  • Cobalt Strike
  • Empire
  • Covenant
  • Custom exploits