System

1) How to change DNS settings in Linux?

Linux:
/etc/resolv.conf
add a line of the form "nameserver x.x.x.x" (one line per DNS server)

2) How to change DNS settings in Windows:
Control Panel -> Network and Sharing Center -> Change adapter settings
Right-click on the adapter you want to configure and select 'Properties'.
Double-click on 'Internet Protocol Version 4 (TCP/IPv4)'.
Change the DNS settings to the server(s) you want, and apply your changes.

3) Linux Server Hardening List

Account: (disable guest/anonymous accounts, unique IDs, no generic/shared accounts)
Password: (change default passwords, set expiration dates and password length)
File System: (no unnecessary shares, file permissions are checked)
Applications: (logging, File Integrity Monitoring, antivirus)
Services: (disable unnecessary functionality and services)
System: (use a central NTP server, check crontab for scheduled tasks)
Remote Access: (secure method - SSH, set session timeout, use VPN)
Network: (disable insecure services, no unnecessary services)
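To make the Account and Password items of the list above checkable rather than just a reminder, here is an added example (not from the original notes) in C that audits data in /etc/passwd and /etc/shadow format for shared UID 0, duplicate UIDs, empty password fields and passwords that never expire. The sample entries and the placeholder hashes are constructed for the example; on a real host you would read the actual files, and /etc/shadow needs root to read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data in /etc/passwd and /etc/shadow format.
   Not real system files; the hashes are placeholders. */
static const char *SAMPLE_PASSWD =
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "backup:x:0:0:second root:/root:/bin/bash\n"      /* shared UID 0 */
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    "bob:x:1000:1001:Bob:/home/bob:/bin/bash\n"        /* duplicate UID 1000 */
    "guest:x:1002:1002:Guest:/home/guest:/bin/bash\n";

static const char *SAMPLE_SHADOW =
    "root:$6$PLACEHOLDERHASH:19000:0:99999:7:::\n"    /* never expires */
    "alice:$6$PLACEHOLDERHASH:19000:0:90:7:::\n"      /* 90-day maximum age */
    "bob::19000:0:99999:7:::\n"                       /* empty password field */
    "guest:*:19000:0:99999:7:::\n";                   /* locked account */

/* Copy the next line of *cursor (without its newline) into line; 0 at end. */
static int next_line(const char **cursor, char *line, size_t n) {
    const char *p = *cursor;
    if (*p == '\0') return 0;
    const char *nl = strchr(p, '\n');
    size_t len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= n) len = n - 1;
    memcpy(line, p, len);
    line[len] = '\0';
    *cursor = nl ? nl + 1 : p + strlen(p);
    return 1;
}

/* Copy colon-separated field idx (0-based) of line into buf; 0 if missing. */
static int get_field(const char *line, int idx, char *buf, size_t n) {
    const char *p = line;
    for (int i = 0; i < idx; i++) {
        p = strchr(p, ':');
        if (p == NULL) return 0;
        p++;
    }
    size_t len = 0;
    while (p[len] != '\0' && p[len] != ':') len++;
    if (len >= n) len = n - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    return 1;
}

/* Account check: UID 0 accounts beyond the first one (shared root). */
int count_extra_uid0(const char *passwd) {
    const char *cur = passwd;
    char line[256], uid[32];
    int n = 0;
    while (next_line(&cur, line, sizeof line))
        if (get_field(line, 2, uid, sizeof uid) && strcmp(uid, "0") == 0) n++;
    return n > 0 ? n - 1 : 0;
}

/* Account check: accounts whose UID already belongs to an earlier account. */
int count_duplicate_uids(const char *passwd) {
    const char *cur = passwd;
    char line[256], uid[32];
    long seen[256];
    int nseen = 0, dups = 0;
    while (next_line(&cur, line, sizeof line)) {
        if (!get_field(line, 2, uid, sizeof uid)) continue;
        long u = strtol(uid, NULL, 10);
        int found = 0;
        for (int i = 0; i < nseen && !found; i++) found = (seen[i] == u);
        if (found) dups++;
        else if (nseen < 256) seen[nseen++] = u;
    }
    return dups;
}

/* Password check: shadow entries with an empty password field. */
int count_empty_passwords(const char *shadow) {
    const char *cur = shadow;
    char line[256], pw[128];
    int n = 0;
    while (next_line(&cur, line, sizeof line))
        if (get_field(line, 1, pw, sizeof pw) && pw[0] == '\0') n++;
    return n;
}

/* Password check: usable passwords whose maximum age is the 99999-day default. */
int count_never_expiring(const char *shadow) {
    const char *cur = shadow;
    char line[256], pw[128], maxdays[16];
    int n = 0;
    while (next_line(&cur, line, sizeof line)) {
        if (!get_field(line, 1, pw, sizeof pw)) continue;
        if (!get_field(line, 4, maxdays, sizeof maxdays)) continue;
        int usable = pw[0] != '\0' && pw[0] != '*' && pw[0] != '!';
        if (usable && strcmp(maxdays, "99999") == 0) n++;
    }
    return n;
}

int main(void) {
    printf("extra UID 0 accounts:     %d\n", count_extra_uid0(SAMPLE_PASSWD));
    printf("duplicate UIDs:           %d\n", count_duplicate_uids(SAMPLE_PASSWD));
    printf("empty password fields:    %d\n", count_empty_passwords(SAMPLE_SHADOW));
    printf("never-expiring passwords: %d\n", count_never_expiring(SAMPLE_SHADOW));
    return 0;
}
```

Each check is a separate function so it can be dropped into a larger audit; a non-zero result from any of them maps directly to one line of the checklist above.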

4) Windows Hardening List
Patches: (automated updates for Windows and 3rd-party apps, vulnerability scans)
Anti-virus
Account: (LDAP, Kerberos domain authentication)
Application: (only approved applications installed, anti-virus, logging)
Password: (set expiration dates and password length, remember password history)
Logs: (enable Audit Policy, send to a central logging server)
Network: (firewalls in place, disable unnecessary functionality and services)
Remote Access: (RDP encryption level, limit remote access to specific IP addresses)
Shares: (remove unnecessary shares)
System: (use a central NTP server)
Backup: (enable backup schedule)

5) What are the security differences between Windows 7 and Windows 10?

=================================
Identity Protection

Windows 7

Phishing attacks on your users’ passwords are increasingly successful. 
Today's multifactor solutions, like smartcards, are often cumbersome and costly to deploy.
Pass-the-hash attacks enable hackers to steal identities, traverse the network and evade detection.
BYOD devices have limited network access due to security risk.

Windows 10

Windows Hello is an easy-to-use and easy-to-deploy multi-factor password alternative that can use biometrics* or other factors for authentication. *(Mandiant, 2016)
Windows Hello Companion Devices² such as wristbands, smart watches, phones etc. allow customers to quickly sign in to their Windows 10 PC and authenticate to their business resources without using a password.
Credential Guard helps protect user access tokens (e.g. NTLM hashes) from being stolen and misused by storing them inside a secured, hardware-isolated container.
Microsoft Azure Active Directory³ provides a comprehensive identity and access management solution for the cloud.
====================================

Information Protection

Windows 7

BitLocker offers optionally configurable disk encryption.
Prevention of accidental data leakage requires the use of additional and frequently third-party capability.
Information protection often compromises the user experience in the interest of security, resulting in low adoption and a varying experience between desktop and mobile devices.

Windows 10

BitLocker⁴ is much improved, is highly manageable, and can be automatically provisioned on many new devices.
Windows Information Protection⁵ (WIP) makes it easier to safeguard your business data. WIP gates user and app access to protected data based on policies you define. So you can help protect data wherever it lives on your devices—without affecting your user experience.
====================================

Threat Resistance

Windows 7

Most OS breaches are initiated in the browser and are executed quickly, leaving the user and IT with little to no ability to respond. 
All apps are trusted until they are determined to be a threat or are explicitly blocked. With over 300K new threats per day, blocking harmful apps through detection is a losing battle.
Anti-virus (AV) protection is not included in-box, requiring additional software.
Network breaches go undetected for an average of 200 days**. Once detected, organizations have little to no information on the source of the breach. **(AV Test - The Independent IT Security Institute, 2015) https://www.av-test.org/en/antivirus/home-windows/windows-8/december-2015/microsoft-windows-defender-4.8-154547/

Windows 10

Microsoft Edge uses sandboxing technology to isolate the browser from the OS and from plugins like Flash. If there is a breach, the OS can't be compromised.
Device Guard offers full app lockdown protection by ensuring an application proves itself trustworthy before it can run. 
Windows Defender provides enterprise-grade anti-virus support and has 99.8% detection prevalence according to industry AV tests.²
Windows Defender Advanced Threat Protection (ATP) enables Windows enterprise customers to detect, investigate, and remediate advanced persistent threats and data breaches on their networks. Running alongside any anti-virus (AV) solution, Windows Defender ATP is continuously up-to-date and can help lower costs.
=====================================

Device Security

Windows 7

Platform security is based entirely on what software can do on its own, and once infected there is no assurance that system defenses can perform their function tamper free.
Malware can hide within the hardware or in the operating system itself, and there is no reliable way to validate integrity once it has been compromised.
If an attacker gets kernel-level control, they have sweeping access to the system.

Windows 10

Hardware based security and the level of trust it offers helps to maintain and validate hardware and system integrity.
UEFI Secure Boot helps prevent malware from embedding itself within hardware or starting before the OS. Trusted Boot helps maintain the integrity of the rest of the OS.
Virtualization-based security (VBS), powered by hypervisor technology, moves some of the most sensitive Windows processes into a secured execution environment to help prevent tampering, even when the Windows kernel itself has been fully compromised. In Windows 10, VBS powers features such as Device Guard, Credential Guard, Virtual TPM and Windows Hello biometrics capabilities, which greatly deter malware, hacking tools, and breaches.

6) What are the most known SMB vulnerabilities?

EternalBlue
SMBleedingGhost or CoronaBlue
SambaCry

What is a buffer overflow attack?

A buffer overflow occurs when the volume of data written exceeds the storage capacity of the memory buffer.

What is shellcode and how is it used?

Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine.

Types of shellcode?

Bind
Reverse

2.1 ASLR (Address Space Layout Randomization)

The goal of ASLR is to introduce randomness for executables, libraries, and stacks in the memory address space; this makes it more difficult for an attacker to predict memory addresses and causes exploits to fail and crash in the process.

When ASLR is activated, the OS loads the same executable at a different location in memory every time it runs.

It is important to note that ASLR is not enabled for all modules. This means that, even if a process has ASLR enabled, there could be a DLL in its address space without this protection, which could make the process vulnerable to an ASLR bypass.

Software: To verify the status of ASLR for different programs, download Process Explorer and check it yourself.

Windows provides another tool that helps address the problem of exploitation, the Enhanced Mitigation Experience Toolkit (EMET).

2.2 DEP (Data Execution Prevention)

DEP is a defensive hardware and software measure that prevents the execution of code from pages in memory that are not explicitly marked as executable. The code injected into the memory cannot be run from that region; this makes buffer overflow exploitations even harder.

2.3 Stack Cookies (Canary)

The canary, or stack cookie, is a security implementation that places a value next to the return address on the stack.

The function prologue loads a value into this location, and the epilogue makes sure that the value is intact: when the epilogue runs, it checks that the value is still there and is correct.

If it is not, a buffer overflow has probably taken place, because a buffer overflow usually overwrites data on the stack.
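As an added illustration (not part of the original notes), the following C program models the prologue/epilogue check described above with a simulated frame: a fixed buffer, a canary slot next to a stand-in for the saved return address, an unbounded copy that overwrites past the buffer, and the bounded copy that is the actual fix. The frame layout, the reference canary value and the inputs are constructed for the example; a real stack protector is emitted by the compiler (for example gcc's -fstack-protector) and uses a per-process random value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame, modelled as a struct so the canary check is explicit
   and portable. A real layout is produced by the compiler; this one is
   constructed for the illustration. */
#define BUF_SIZE 16
struct frame {
    char     buf[BUF_SIZE];  /* local buffer; an overflow grows toward higher addresses */
    uint32_t canary;         /* guard slot between the buffer and the saved data */
    uint32_t saved_ret;      /* stand-in for the saved return address */
};

enum { FRAME_OK = 0, FRAME_CORRUPTED = 1 };

/* Constructed reference value; a real stack protector uses a random per-process one. */
static const uint32_t REFERENCE_CANARY = 0xA5C3F00Du;

/* Prologue: store the reference canary in the guard slot. */
static void prologue(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = REFERENCE_CANARY;
    f->saved_ret = 0x08040000u;  /* constructed placeholder address */
}

/* Epilogue: before "returning", check that the guard slot is intact. */
static int epilogue(const struct frame *f) {
    return f->canary == REFERENCE_CANARY ? FRAME_OK : FRAME_CORRUPTED;
}

/* Unbounded copy, standing in for strcpy/memcpy with no length check: bytes
   past buf land on the canary first, then on saved_ret. The copy goes through
   a byte view of the whole struct so the simulation stays inside the object. */
static void unbounded_copy(struct frame *f, const char *src, size_t len) {
    unsigned char *bytes = (unsigned char *)f;
    if (len > sizeof *f) len = sizeof *f;   /* keep the simulation inside the frame */
    memcpy(bytes, src, len);
}

/* Bounded copy: the real fix. A canary detects an overflow; it does not prevent it. */
static int bounded_copy(struct frame *f, const char *src, size_t len) {
    if (len > sizeof f->buf) return -1;     /* reject instead of overflowing */
    memcpy(f->buf, src, len);
    return 0;
}

/* Prologue, an unbounded copy of len bytes of constructed input, then the check. */
int run_unbounded(size_t len) {
    char input[64];
    memset(input, 'A', sizeof input);
    struct frame f;
    prologue(&f);
    unbounded_copy(&f, input, len);
    return epilogue(&f);
}

/* Same with the bounded copy: -1 if the input was rejected, else the check result. */
int run_bounded(size_t len) {
    char input[64];
    memset(input, 'A', sizeof input);
    struct frame f;
    prologue(&f);
    if (bounded_copy(&f, input, len) != 0) return -1;
    return epilogue(&f);
}

int main(void) {
    size_t sizes[] = { 8, 16, 17, 24 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("%2zu bytes: unbounded -> %s, bounded -> %s\n", sizes[i],
               run_unbounded(sizes[i]) == FRAME_OK ? "ok" : "canary corrupted",
               run_bounded(sizes[i]) == -1 ? "rejected" : "ok");
    }
    return 0;
}
```

Copies of up to 16 bytes leave the guard slot untouched; the 17th byte already changes the canary, so the epilogue reports corruption before the saved return address is even reached. The bounded version shows why the canary is a detection layer on top of, not a replacement for, correct length checks.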
