  1. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #1

    SANS SEC511 - Monday

    First SANS course and I am very excited to attend! I will post daily updates here for everyone.
    WIP:
    eLearnSecurity eJPT
    C
    Python
    C#

  3. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #2
    I'm really interested on personal experiences, keep us updated.

  4. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    6,044

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #3
    Very cool. Let us know how it goes.

  5. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,561

    Certifications
    A+, Network +, GSEC, GCIH, GREM, Lunatic+
    #4
    I assume in Philadelphia? I'll be there, I'll be the tall stupid looking guy.

  6. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #5
    Yup. I'll be the bald guy with glasses.

  7. Member
    Join Date
    Mar 2010
    Posts
    92

    Certifications
    Comptia A+, Network+, Security+, CDFE, TSS, GCIH, GMON, SMFE, OSCP
    #6
    I'm also taking this on demand right now. Lots of lab work.

  8. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #7
    Finished up day one and boy what a long day it was! Day One is a high level overview meant to get everyone on the same page and to go over what ultimately will be covered in class. Our instructor (Bryan Simon) is amazing! He peppered in a lot of humor and also gives you realistic scenarios that he has seen in the field. The labs have been pretty decent and mimic some of the stuff you would perform while taking the OSCP. I have to say the NetWars at the end was probably the most fun I have had in a while. Getting the right answer amped me up pretty well and there were definitely some tricky questions. The aim is to get you using the Linux command line to go through logs and answer questions. Lots of grep, awk, cat and sort! Overall I can tell we are going to cover some really great stuff in this course and it has definitely gotten me thinking about what to look for on the networks we monitor.

  9. Junior Member
    Join Date
    Mar 2016
    Location
    Philadelphia
    Posts
    19

    Certifications
    MCSE, MCSE, A+, Net+, CISSP, CEH, CCNA, ACSE, EMA, GMON, GCIH, CISM
    #8
    Thanks for posting your thoughts on this, I'm currently taking this course on demand now. I was originally scheduled to take it live in Philly but something came up and am now taking it online. This is my first experience taking a SANS course, so far I have to say I'm impressed with the material, it's actually stuff you can walk away with and start using right away. My on demand content expires in June, this being my first experience taking a SANS course I was not aware that I needed to take the test before the content expires. Is that how all SANS courses are set up? I'm used to taking classes from other vendors where you can take the course and go for the test whenever you feel like it afterwards.

  10. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #9
    This is my first SANS course, but I understand the course expiring at some point. If you were taking it live you'd get audio from a class, but otherwise you wouldn't have any access outside of the books.

  11. Junior Member
    Join Date
    Mar 2016
    Location
    Philadelphia
    Posts
    19

    Certifications
    MCSE, MCSE, A+, Net+, CISSP, CEH, CCNA, ACSE, EMA, GMON, GCIH, CISM
    #10
    I understand the course expiring, but I'm required to go to a testing center and take the test before the course expires. My access to my on demand course expires on June 14th. I have to go to a testing center and take and pass the test by June 14th. I figured my access would expire on June 14th and I could take my time studying and take the test when I wanted to.

  12. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    6,044

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #11
    SANS courses are designed to be taught in 40 hours. OnDemand gives you access for 4 months. GIAC vouchers are also valid for 4 months. It seems you bought both the course and the voucher at the same time and that is why you need to complete the course and take the test before June. My suggestion is to do your best to go through the OnDemand material within the next 30-60 days and then you'll have 30 extra days to index, review, do practice tests, and then schedule your actual test. Another thing to keep in mind is that if you really absorb the material and take good notes, you should have no need to reference the actual course that much.

  13. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #12
    Day Two is complete (finished about 4 hours ago). My instructor gave the keynote and let me just say that he nailed it: day two those smiles turn to frowns. It is an incredibly long day (9 am to 7 pm) and they also have talks at 7:15 PM so dinner is on hold until after those (obviously they are optional talks, but interesting nonetheless so why miss it?). Today we covered network architecture and what devices could help to prevent and/or detect intrusions. Definitely some of the most interesting stuff I have seen in a while. It did cement for me that what I am asking for is correct and I merely need to tune a few things to glean the information that will prove to be most useful for me. It also confirmed that the questions I've asked during the course of my investigations are the right ones and that the recommendations I've made are appropriate. The biggest thing I have found is that there is more than one way to skin a cat. So in the labs, how they went about something is different from how I did it, but ultimately they were close and I found the right answers.

    I won't lie the NetWars kicked my butt today and it definitely frustrated me because I did so well the day before. My only critique at this point is that they pepper the NetWars in throughout the day instead of two hours at the end. Seven hours of straight lectures with short breaks and short labs weighs on me pretty heavily. My instructor is still amazing and I am definitely glad that I did my due diligence on him (along with the course) prior to signing up because he makes the class enjoyable and he is extremely informative.

  14. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,480

    Certifications
    GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #13
    Good stuff!
    Goal: GCFA (DONE), GPEN (DONE)

    "Never stop learning and every time you are doing something mindless...you could be learning something new." Eric Conrad

  15. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,561

    Certifications
    A+, Network +, GSEC, GCIH, GREM, Lunatic+
    #14
    Great lecture today on the Internet of Things. It's an interesting field of cyber security research, not sure what kind of money is in it, but it's certainly interesting.

    On the negative side of things, I really don't like the hotel, feels cramped. Their idea of a business center is a closet with two computers and no printer. There's no restaurant, but it does have a small bar. There's a good one inch gap at the bottom of my hotel room door, with a long coat hanger type wire and a little determination, I'm sure someone could fish under the door and open the door latch. I've noticed pretty much every door on my floor has similar gaps, mine seems like one of the worst. The heat is lukewarm at best. I also seem to have the good fortune to have one of the four smaller end unit rooms on the floor.

    What's your opinion Grinch?
    Last edited by TechGromit; 03-03-2016 at 01:33 AM.

  16. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #15
    I skipped the Internet of Things talk tonight. As for the hotel, not too bad, but I can definitely agree that the heat leaves something to be desired. I hadn't noticed the one inch gap till you mentioned it!

    Today's lecture was all about applying what we covered yesterday and actively looking for threats. A lot of analysis of pcaps and hunting for the bad guys. The exercises were pretty interesting and I found that a lot of what you cover in OSCP helps in this course. I can describe it best as you are seeing the techniques, tactics and procedures so you can defend against them, but also getting to see the offensive side (to a degree). Even though the days are long I highly recommend the course!

  17. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #16
    Day Four has been completed and it was all about Endpoint Protection (at least in theory). The class revolved all around Windows and the various methods you could use to detect compromise. 511 is all about detection because as we all know you can't prevent everything. So the main idea is yeah they can get in, but with the right tools and monitoring in place you can limit what the attackers get access to. As our instructor says, much better to be able to say that 10% of our data was stolen, but we were able to prevent the other 90% because we detected it. The one point that keeps coming up is the fact that you can have all the tools in the world, but if no one is looking at it then you might as well not bother.

    As far as tools are concerned we covered Sysmon, AutoRuns, and how to identify persistence, pivoting and pass the hash. Having been a system administrator (and still being one somewhat) I can see why admins aren't able to do things the right way. But I won't lie when I say I never realized how many tools were available for you to do things the right way. With the added benefit that most of them are free (or don't cost a lot). As my instructor pointed out, since Target resulted in C-levels getting canned it may become easier to do things the proper way. Also, as I am sure most of us know, how we answer a request dictates what issue we will have. IT is often known as the "no" department, whereas if you had said "that's a good idea, let us test it out so that we comply with our internal policies and procedures" you would have had a better experience. Again this course is amazing and I highly recommend it!

  18. Senior Member alias454's Avatar
    Join Date
    Sep 2014
    Posts
    626

    Certifications
    BSIT, A+, eJPT, GSEC, VCP5-DCV
    #17
    Hmm, method for detecting if a Windows machine is compromised...is it turned on?

    Glad you are enjoying the experience.
    “I do not seek answers, but rather to understand the question.”

  19. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #18
    Haha, you know prior to this course I held the same belief, but I would be lying if I didn't say what I learned has shown me that you truly can lock Windows down properly.
    Last edited by the_Grinch; 03-04-2016 at 02:30 AM.

  20. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,689

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #19
    I'll likely be taking 511 this year as well. From what I'm reading here, this should be fun and exhausting. 10-hour days are tough, especially when you don't have time for dinner after class because the night talks are going on.

  21. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #20
    Reading this thread gets me hyped up to take some classes. I thrive in a classroom setting, because it makes me focus. I will definitely look into SANS courses. What other classroom setting courses has anybody taken and can recommend?

  22. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #21
    It definitely hit me hard being in class all day then getting 15 minutes before a talk, especially since they were all interesting. Plus that's also hoping that they don't last longer than an hour, which I believe they all basically hit an hour (some a little longer). Ultimately I skipped the Internet of Things talk because I needed the break and graduate school work needed to be completed.

    Day 5 consisted of actively looking at various logs within Windows and utilizing PowerShell. It was really like riding a bicycle for me because I haven't analyzed a Windows system for issues in a number of years, but it seems things haven't changed too much. What was awesome was being able to go through and sort the logs to find exactly the information you need. More so the ability to utilize PowerShell to further advance your detection mechanisms. As an example, they cover the writing of a PowerShell script that allows you to pull registry keys in areas malware is known to place them and then go on to compare them to those previously pulled. The whole week has centered on continuous diagnostic and mitigation, the idea that you are consistently looking at your environment and making changes when needed.

    Tomorrow is NetWars...wish me luck!
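The baseline-and-compare idea from the post above, written out as an added example (not the course's material or the_Grinch's code): it snapshots the standard Run/RunOnce/Winlogon autostart keys, stores them as JSON, and reports entries added, modified or removed since the baseline. The baseline path and parameter names are assumptions; the key list is the well-known set.

```powershell
# Added example: snapshot well-known autostart registry locations and diff
# them against a saved baseline. $BaselinePath is an assumed location.
param(
    [string]$BaselinePath = "$env:ProgramData\AutorunBaseline.json",
    [switch]$UpdateBaseline
)
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Metadata properties Get-ItemProperty adds that are not registry values
$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutorunSnapshot {
    $snapshot = @{}
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($PsMeta -contains $p.Name) { continue }
            # Entry name is "<key path>\<value name>"; value flattened to a string
            $snapshot["$key\$($p.Name)"] = [string]$p.Value
        }
    }
    return $snapshot
}

function Compare-AutorunSnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    $findings = @()
    foreach ($e in $Current.GetEnumerator()) {
        if (-not $Baseline.ContainsKey($e.Key)) {
            $findings += [pscustomobject]@{ Change = 'Added'; Entry = $e.Key; Old = $null; New = $e.Value }
        } elseif ($Baseline[$e.Key] -ne $e.Value) {
            $findings += [pscustomobject]@{ Change = 'Modified'; Entry = $e.Key; Old = $Baseline[$e.Key]; New = $e.Value }
        }
    }
    foreach ($e in $Baseline.GetEnumerator()) {
        if (-not $Current.ContainsKey($e.Key)) {
            $findings += [pscustomobject]@{ Change = 'Removed'; Entry = $e.Key; Old = $e.Value; New = $null }
        }
    }
    return ,$findings
}

$current = Get-AutorunSnapshot
if ($UpdateBaseline -or -not (Test-Path $BaselinePath)) {
    # First run (or explicit refresh): persist the current state as the baseline
    ConvertTo-Json -InputObject $current | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($current.Count) entries)"
    return
}
# ConvertFrom-Json yields a PSCustomObject; rebuild a hashtable for lookups
$baseline = @{}
(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = [string]$_.Value }

$findings = Compare-AutorunSnapshot -Baseline $baseline -Current $current
if ($findings.Count -eq 0) { Write-Host "No autorun changes since baseline." }
else { $findings | Sort-Object Change, Entry | Format-Table -AutoSize }
```

The HKCU keys are read from the hive of whichever account runs the script, so a scheduled task running as SYSTEM will not see the interactive users' Run keys; run it per user or load each user's hive if those matter to you.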

  23. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,561

    Certifications
    A+, Network +, GSEC, GCIH, GREM, Lunatic+
    #22
    Went to the meet and greet at 6pm, hey free alcohol. The party carried down to the lobby bar where I had drinks until around 10:30pm.

  24. Senior Member alias454's Avatar
    Join Date
    Sep 2014
    Posts
    626

    Certifications
    BSIT, A+, eJPT, GSEC, VCP5-DCV
    #23
    Quote Originally Posted by the_Grinch View Post
    As an example, they cover the writing of a PowerShell script that allows you to pull registry keys in areas malware is known to place them and then go on to compare them to those previously pulled.
    Not to hijack this thread but I have been looking at doing that with group policy and an internal git server. I set up a GitLab server and have been working on a PowerShell script to pull all group policies from AD and then push to the git server. This way you can track changes over time. What you are talking about is kinda cool too, very interesting.

    Good luck on netwars woot!
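An added example of the GPO-to-git tracking alias454 describes (this is not their script): it exports every GPO as an XML report into a local clone of the repo, strips the per-run timestamp so diffs show only real policy changes, and commits and pushes only when something changed. It needs the RSAT GroupPolicy module and git on PATH; $RepoPath and the remote name origin are assumptions.

```powershell
# Added example (not alias454's script): export all GPOs as XML and commit
# them to git so policy changes are tracked over time. $RepoPath is an
# assumed local clone of the internal GitLab repository.
param([string]$RepoPath = 'C:\GPOBackup')

Import-Module GroupPolicy

$exportDir = Join-Path $RepoPath 'gpo'
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

$gpos = Get-GPO -All
foreach ($gpo in $gpos) {
    # Name the file by GUID so a renamed GPO shows as a content change, not a new file
    $file = Join-Path $exportDir ('{0}.xml' -f $gpo.Id)
    Get-GPOReport -Guid $gpo.Id -ReportType Xml -Path $file
    # The report embeds the time it was generated (ReadTime); strip it so every
    # run does not produce a spurious diff
    (Get-Content -Path $file -Raw) -replace '<ReadTime>[^<]*</ReadTime>', '' |
        Set-Content -Path $file -Encoding UTF8
}

# Delete exports for GPOs that no longer exist so removals are tracked too
$liveFiles = $gpos | ForEach-Object { '{0}.xml' -f $_.Id }
Get-ChildItem -Path $exportDir -Filter '*.xml' |
    Where-Object { $liveFiles -notcontains $_.Name } |
    Remove-Item

# Commit only when the working tree actually changed
if (git -C $RepoPath status --porcelain) {
    git -C $RepoPath add -A
    git -C $RepoPath commit -m ('GPO snapshot {0:yyyy-MM-dd HH:mm}' -f (Get-Date))
    git -C $RepoPath push origin HEAD
} else {
    Write-Host 'No GPO changes since last snapshot.'
}
```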

  25. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,926

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #24
    Quote Originally Posted by alias454 View Post
    Not to hijack this thread but I have been looking at doing that with group policy and an internal git server. I set up a GitLab server and have been working on a PowerShell script to pull all group policies from AD and then push to the git server. This way you can track changes over time. What you are talking about is kinda cool too, very interesting.

    Good luck on netwars woot!
    No worries! The big thing is to be sure to sign the certs so that you aren't using an execution policy that allows anything to run (which I'm sure you aren't).

    Today was the sixth and final day. I was sick most of the week, but thankfully I started feeling better Thursday and my boss had other plans so I was able to go to an awesome Ramen place (if you are in Philadelphia I highly recommend NomNom Ramen) and just chill. This meant eating at a normal hour (7 instead of 9 or 10) and something about soup just makes me feel better. I was going to review some stuff, but ultimately I decided that chilling was the way to go. Woke up early, packed and then thought "please dear God don't let me be the weakest link on my team".

    There were eight of us in the class and we broke up into teams by sides. I won't lie I truly thought we were going to get demolished. The other team had some extremely bright people and not that we didn't, but the deck looked stacked for them. Instructor gives us the rules of engagement and then says "GO!". Off we went on what would become a five hour saga! The scoreboard was on the projector and would update automatically so you knew where the other team was. I looked up and they already had 200 points to our 60 (total was 511). I panic because while I figured they'd win I didn't think it would be a blowout. But we keep cranking, my boss and I are Linux guys so we're attacking those questions while our other two teammates take on the Windows side. The kicker is taking a hint costs you points and each second guess costs you a point (plus a point for every guess after).

    Suddenly I begin to notice they aren't answering as quickly as they were. Even my instructor begins taunting them a bit "oh Team Brawndo has submitted an answer four minutes ago...you guys haven't done anything in a half hour". My adrenaline starts pumping and bam score a 30 point question! Now we're tied and my boss says "no more cheering, we don't want them to realize we're taking the lead". This was a very good strategy for two reasons: first, you get so focused on the questions you stop looking at the board and second the laptop displaying the scoreboard was shutting off its display after some period of inactivity. Even my instructor was shocked when he looked up and we had taken the lead!

    Ultimately, out of 511 points we scored 510 (very ticked because we lost a point though we knew the answer). My instructor told us that this was the highest score for the course in the US (Munich had two teams get 511). A half hour after we finished the last question the other team finally finished and ended with 510. Thus we win haha

    This is by far the best training I have been to and I completely understand why it costs so much. Every instructor (that I interacted with) was top notch, the staff from SANS was extremely helpful and the course content was relevant for today. I have a slew of things I will be adding to our detection environment on Monday because of this class. As I've previously stated, this course not only gave me new knowledge, but it also showed that my process and questions used during the course of my investigations are solid.

  26. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #25
    Great review! Thanks for sharing it with us.

    What are you planning on getting next?
