1
00:00:00,740 --> 00:00:01,700
Hello everyone.
2
00:00:01,700 --> 00:00:06,500
In this lecture we will discuss advanced scenario-based interview questions.
3
00:00:06,830 --> 00:00:08,900
So why is this advanced?
4
00:00:09,200 --> 00:00:17,660
This is because in this interview they totally check your investigation part; from your investigation part
5
00:00:17,660 --> 00:00:20,090
to your skills, each and everything.
6
00:00:20,090 --> 00:00:24,200
And they will get to know whether you have worked on it or not.
7
00:00:24,200 --> 00:00:30,080
So let me start. I will give you some examples, but before that, let me show you what exactly
8
00:00:30,080 --> 00:00:33,800
the scenario is for this particular lecture.
9
00:00:34,160 --> 00:00:41,780
So the interviewer will give you a scenario, and in between they will stop you and they will change
10
00:00:41,780 --> 00:00:42,680
the scenario.
11
00:00:44,470 --> 00:00:51,040
The interviewer will try to check your skill, and he will get to know whether you have worked earlier on
12
00:00:51,040 --> 00:00:52,180
it or not.
13
00:00:53,450 --> 00:00:56,960
For this type of question, you should have proper knowledge, definitely.
14
00:00:57,230 --> 00:01:01,610
And only then can you answer these types of questions.
15
00:01:02,720 --> 00:01:09,800
And for example, we have taken maybe, I think, four questions, just to show you, just as a demo,
16
00:01:09,830 --> 00:01:12,920
how they can actually ask this type of question.
17
00:01:14,940 --> 00:01:17,030
Let me start with the number one question.
18
00:01:17,040 --> 00:01:22,350
So let's say I'm the interviewer and you are one of the candidates.
19
00:01:23,220 --> 00:01:30,750
So you received a phishing email in your organization; then how will you investigate it manually?
20
00:01:31,650 --> 00:01:33,190
Now what will be your answer?
21
00:01:33,210 --> 00:01:35,220
Definitely you will.
22
00:01:35,250 --> 00:01:37,800
You will have to elaborate this answer.
23
00:01:38,490 --> 00:01:43,890
You will say you will do URL analysis, domain analysis, attachments, right?
24
00:01:43,890 --> 00:01:48,180
And you will check whether the email is spoofed or not.
25
00:01:48,210 --> 00:01:51,390
You will check the sender domain, these kind of things.
26
00:01:51,390 --> 00:01:54,000
You will check whether it's malicious or not.
27
00:01:54,330 --> 00:01:54,900
Right.
28
00:01:55,950 --> 00:02:01,590
And once you have stated all these investigations, stated all these steps, they will interrupt
29
00:02:01,590 --> 00:02:02,070
you.
30
00:02:02,460 --> 00:02:03,240
This is the what?
31
00:02:03,240 --> 00:02:05,520
The barrier question now.
32
00:02:05,700 --> 00:02:06,960
The interviewer is stopping you?
33
00:02:06,960 --> 00:02:07,650
Definitely.
34
00:02:07,650 --> 00:02:09,420
Now the scenario has changed, guys.
35
00:02:10,650 --> 00:02:14,010
So let's say everything is clean.
36
00:02:14,010 --> 00:02:19,560
Even the URL, even the attachments, even the email is not spoofed.
37
00:02:19,590 --> 00:02:26,610
The sender domain is also, you know, showing perfectly clean now, but still the email is the
38
00:02:26,610 --> 00:02:30,960
phishing one. Now the question is, how will you confirm it?
39
00:02:31,860 --> 00:02:33,240
So here is the answer.
40
00:02:34,420 --> 00:02:38,440
See, it might happen, guys, that the URL and attachment,
41
00:02:38,440 --> 00:02:39,820
everything is clean.
42
00:02:40,240 --> 00:02:45,430
But somehow that URL is redirecting to some other pages.
43
00:02:45,430 --> 00:02:46,030
Right.
44
00:02:46,390 --> 00:02:52,570
And it might happen that that URL is asking for the...
45
00:02:54,090 --> 00:02:58,590
Sending you to one of the pages in which they are asking for the credentials.
46
00:02:59,100 --> 00:03:06,090
So this type of email, this type of phishing email, is generally used for credential harvesting.
47
00:03:06,930 --> 00:03:09,210
So this could be your answer.
48
00:03:09,810 --> 00:03:13,140
Now, again, there is a barrier question.
49
00:03:13,140 --> 00:03:15,800
Let's suppose you enter the credential, right?
50
00:03:15,840 --> 00:03:18,120
It is giving an error.
51
00:03:18,240 --> 00:03:20,040
Then what will be your next step?
52
00:03:20,520 --> 00:03:21,600
Well, the.
53
00:03:21,630 --> 00:03:22,290
See.
54
00:03:23,200 --> 00:03:28,900
It can happen that you are just giving your credential and it is reloading again and again.
55
00:03:28,900 --> 00:03:34,930
So at least three times; you can try at least three or more times.
56
00:03:34,930 --> 00:03:43,120
If it is showing the same error, then you should check the redirected URL of that URL actually,
57
00:03:43,750 --> 00:03:46,450
then check for the reputation of those things.
58
00:03:46,450 --> 00:03:49,420
And on that basis you will have to take the action.
59
00:03:50,080 --> 00:03:53,140
You will have to consider whether it's a phishing email or not.
60
00:03:53,230 --> 00:03:53,800
Right.
61
00:03:55,620 --> 00:04:00,990
Now, just a note: here the interviewer can ask more questions, right?
62
00:04:01,140 --> 00:04:02,100
Definitely.
63
00:04:02,100 --> 00:04:04,830
So you should have the whole investigation.
64
00:04:04,830 --> 00:04:09,330
You should have knowledge of the whole investigation for phishing emails.
65
00:04:10,970 --> 00:04:12,830
Now we have the second question.
66
00:04:14,510 --> 00:04:21,740
You might have seen organizations use the MITRE ATT&CK framework in their organization, but why do they
67
00:04:21,740 --> 00:04:22,460
use it?
68
00:04:23,000 --> 00:04:32,450
Though we have our antivirus, EDR, SIEM and other tools out there to secure us from suspicious
69
00:04:32,450 --> 00:04:33,310
activities.
70
00:04:33,320 --> 00:04:33,830
Right.
71
00:04:34,130 --> 00:04:37,460
So what is the need of ATT&CK in your organization?
72
00:04:37,580 --> 00:04:39,910
So let's see the answer.
73
00:04:42,920 --> 00:04:43,280
Okay.
74
00:04:43,280 --> 00:04:49,910
So these types of tools, let's say antivirus, IDS, can detect suspicious activities.
75
00:04:50,210 --> 00:04:57,620
There is no doubt, but organizations use the ATT&CK framework just to map out the characteristics
76
00:04:57,620 --> 00:05:02,540
and specific tools used in attacks across the MITRE ATT&CK framework.
77
00:05:02,570 --> 00:05:08,450
And it helps the SOC team assess the current effectiveness of the existing security measures and the
78
00:05:08,450 --> 00:05:09,470
impact of the attack.
79
00:05:09,920 --> 00:05:17,660
So basically, whatever security we have in our organization, it actually checks all those measures
80
00:05:17,660 --> 00:05:25,140
of whether this kind of, let's see, if there is some different technique in MITRE ATT&CK,
81
00:05:25,160 --> 00:05:32,600
whether our SOC team or our security measures are enough to face those issues or not.
82
00:05:33,620 --> 00:05:34,160
Right.
83
00:05:34,670 --> 00:05:39,660
Whether we are blocking, we are just denying that traffic or not.
84
00:05:39,680 --> 00:05:42,470
So this is what it is, just a framework.
85
00:05:42,470 --> 00:05:49,310
A framework, just to check, you can say, the existing security measures and how there can be an impact
86
00:05:49,310 --> 00:05:50,690
on us.
87
00:05:52,790 --> 00:05:59,570
Now ATT&CK allows defenders to assess whether they can defend against a specific TTP or, you can say,
88
00:05:59,570 --> 00:06:00,350
APT.
89
00:06:00,500 --> 00:06:00,850
Right.
90
00:06:00,860 --> 00:06:03,740
And common behaviors across multiple threat actors.
91
00:06:05,210 --> 00:06:12,560
Question three we have: when you move the NIC card from one PC to another PC, does the MAC address
92
00:06:12,560 --> 00:06:13,850
get transferred as well?
93
00:06:13,880 --> 00:06:18,530
Definitely, because the MAC address is in that NIC card actually.
94
00:06:18,740 --> 00:06:20,810
So it is going to change.
95
00:06:20,810 --> 00:06:21,980
But why?
96
00:06:21,980 --> 00:06:30,470
It is going to change, as I said, because we are changing the NIC card, and the MAC address is already
97
00:06:30,470 --> 00:06:35,060
encoded in that NIC card; that's the reason.
98
00:06:35,810 --> 00:06:36,860
Now last question.
99
00:06:36,860 --> 00:06:38,600
We have a very important one.
100
00:06:39,890 --> 00:06:46,430
Mainly, this is the most asked question, basically, for the scenario-based questions.
101
00:06:46,790 --> 00:06:53,450
So the question is, have you ever worked on any malware cases in your previous organization?
102
00:06:54,140 --> 00:06:56,210
So definitely you might we have bugs.
103
00:06:56,210 --> 00:06:58,610
So in my case, I worked on it.
104
00:06:59,180 --> 00:07:07,790
I worked on many of them, like Emotet, IcedID, many ransomware as well, a lot of phishing
105
00:07:07,790 --> 00:07:15,230
emails; as of now, I think maybe more than six or seven thousand emails I have already investigated.
106
00:07:17,690 --> 00:07:18,020
Okay.
107
00:07:18,050 --> 00:07:20,760
Now, the very question is: tell us how Emotet works.
108
00:07:20,780 --> 00:07:25,490
So you have to tell each and every thing about how actually that malware...
109
00:07:25,520 --> 00:07:30,070
Or maybe it depends on you, on which case you have worked.
110
00:07:30,080 --> 00:07:31,970
Right, so you have to elaborate it.
111
00:07:32,600 --> 00:07:37,220
Now the next question will be, can you explain this malware in the form of the cyber kill chain?
112
00:07:37,340 --> 00:07:40,730
Now here, what does it mean?
113
00:07:40,760 --> 00:07:42,350
It means what?
114
00:07:42,350 --> 00:07:53,150
Actually, the interviewer wants you to just elaborate or, you can say, explain the attack in the seven
115
00:07:53,180 --> 00:08:00,440
stages of the cyber kill chain, and which stages, like that, how it will be.
116
00:08:00,620 --> 00:08:06,290
First part, like reconnaissance; second part, weaponization; delivery, exploitation, installation, command
117
00:08:06,290 --> 00:08:09,400
and control, and then action on objectives.
118
00:08:09,410 --> 00:08:17,900
So you have to just correlate your malware or whatever attacks you have worked on, correlate them with
119
00:08:17,900 --> 00:08:23,120
these seven stages of cyber kill chain, for example, like Emotet.
120
00:08:23,330 --> 00:08:25,810
Emotet generally comes through phishing email, right?
121
00:08:25,820 --> 00:08:34,820
So in that sense, definitely I'm going to gather the information of the, you know, recipient, meaning
122
00:08:34,820 --> 00:08:38,360
the user where I have to send the email.
123
00:08:38,390 --> 00:08:39,020
Correct.
124
00:08:39,050 --> 00:08:43,100
Now, weaponization is that I will attach the file.
125
00:08:43,100 --> 00:08:50,240
I will do each and everything, whatever I have to, you know, attach in the email body. The delivery is
126
00:08:50,240 --> 00:08:54,980
that I will send that email to the user.
127
00:08:55,430 --> 00:09:02,630
And exploitation is that once the user is going to click on that attachment, that is directly going
128
00:09:02,630 --> 00:09:03,530
to install.
129
00:09:04,040 --> 00:09:08,120
Once it installs, I will get the command and control.
130
00:09:08,120 --> 00:09:13,130
And after that I can, you know, steal the data.
131
00:09:13,130 --> 00:09:18,320
I can steal each and everything: steal the passwords, steal the confidential data, different
132
00:09:18,320 --> 00:09:19,220
things even.
133
00:09:19,700 --> 00:09:22,210
You know, I can drop other malware too.
134
00:09:22,220 --> 00:09:25,880
So this is how I correlate these things, right?
135
00:09:25,910 --> 00:09:33,440
I hope these four questions are enough just to tell you how actually these advanced, you
136
00:09:33,440 --> 00:09:39,050
can say scenario-based, questions are asked during the interview. Bye, take care.