  1. Senior Member
    Join Date
    Aug 2016
    Location
    Arizona (not a native)
    Posts
    103

    Certifications
    CISSP, CASP, GCFA, C|EH v8, C|NDA, RDRP (Registered DoD RMF Practitioner), Sec+, MCSE-NT4, A+
    #1

    GCTI / SANS FOR 578

    For anyone who has taken SANS FOR 578, Cyber Threat Intelligence...

    How tool centric is FOR 578? I just finished FOR 508 online, on-demand and it felt as if it were 75% tools, 25% or less concepts. There were 4 books (and a lab book --- book 5) for FOR 508. Tools seemed to make up almost all of 2 books, and 1/2 of the other 2 books.

    I'm also thinking about taking the Carnegie Mellon SEI online training in threat intelligence because it's cheaper and may be less tool centric.

    Are there any FOR 578 alumni who can provide a little feedback?

    Thank you.
  3. Junior Member
    Join Date
    Sep 2016
    Location
    Singapore
    Posts
    19

    Certifications
    GNFA,GCED,GCIH, ITIL v3
    #2
    I'm looking to take GCTI next. Will also love any feedback from whoever has taken it

  4. Senior Member
    Join Date
    Aug 2016
    Location
    Arizona (not a native)
    Posts
    103

    Certifications
    CISSP, CASP, GCFA, C|EH v8, C|NDA, RDRP (Registered DoD RMF Practitioner), Sec+, MCSE-NT4, A+
    #3
    Have you taken SANS FOR 578? The SIFT Workstation is included with the On Demand materials, so I'm assuming the course (and exam) could be tool heavy.

    According to the SANS/GIAC US web site, the GCTI test won't be released until late December 2017. You'll be waiting a few weeks for feedback unless it comes out earlier in other parts of the world. [I'm trying to be less of an ugly American, but sometimes I forget.]

  5. Junior Member
    Join Date
    Sep 2016
    Location
    Singapore
    Posts
    19

    Certifications
    GNFA,GCED,GCIH, ITIL v3
    #4
    Not yet. I am looking to take FOR578 next, or FOR500/FOR508. Did you particularly enjoy 508 or find it useful? When you mention tool-centric, is it the SIFT workstation and the bundled tools inside?

    I have a voucher that I need to use before April 2018 and, like you, I'm still waiting for the exams to be released.

  6. Senior Member
    Join Date
    Aug 2016
    Location
    Arizona (not a native)
    Posts
    103

    Certifications
    CISSP, CASP, GCFA, C|EH v8, C|NDA, RDRP (Registered DoD RMF Practitioner), Sec+, MCSE-NT4, A+
    #5
    I did not enjoy the tool-centric focus of FOR508. I don't do hands-on forensics work, so I am now vaguely acquainted with a whole bunch of Windows forensics tools. FOR508 covers SIFT workstation and some of its many, many tools. FOR508 also recaps some FOR408 content, so there's no need to take FOR408 first.

    I asked SANS about FOR578 and whether it was as tool-centric as FOR508. SANS said it's just a handful of tools in FOR578.

  7. Junior Member
    Join Date
    Sep 2015
    Posts
    18

    Certifications
    GNFA, GCIH, Sec+
    #6
    I finished FOR578 recently and I honestly was very disappointed!

    The course needs to mature more, I believe, as the topic itself is still a new trend. If you took 508 (or any other course that revolves around threat hunting, really) then there's a lot of overlap.

    It goes from teaching at the strategic level down to the technical, tool-based level. (The strategy and context-building part was the eye-opener, really; the rest is everyday business for you if you have ever dealt with CTI.)

    I believe the course could be compressed into a two-day course, and it would be great that way! I'd even take it again!

    I'd say if that happens (it becomes 2 or 3 days), or at least after waiting another year for it to mature a bit, then go for it (especially if you're planning to integrate CTI as a serious part of your organization).

    Best of luck!
    Last edited by al88; 12-15-2017 at 08:45 PM.

  8. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    279

    Certifications
    GPEN/GCIH/CEH
    #7
    So does either of these courses (508/578) cover how to build and execute threat hunting?

  9. Junior Member
    Join Date
    Sep 2016
    Location
    Singapore
    Posts
    19

    Certifications
    GNFA,GCED,GCIH, ITIL v3
    #8
    I think it's because FOR578 is fairly new and they need time to mature. Feedback, I think, will help a lot.
    Are you planning to sit for the exam?

  10. Junior Member
    Join Date
    Sep 2015
    Posts
    18

    Certifications
    GNFA, GCIH, Sec+
    #9
    Quote Originally Posted by SaSkiller:
    So does either of these courses (508/578) cover how to build and execute threat hunting?
    They both do (508 has a chapter, and the whole course is about threat hunting "indirectly"). I guess it depends on what your definition of threat hunting is.

    578 obviously covers it, but the whole scope of it: reading APT reports, extracting info, building your own, etc.

    If you are taking it to the next level from both offensive (GPEN) and defensive (GCIH), I highly recommend you go with 508; it will teach you how to catch movement/malicious activities OR avoid being caught.

    508 is by far the best course I took!

  11. Junior Member
    Join Date
    Sep 2015
    Posts
    18

    Certifications
    GNFA, GCIH, Sec+
    #10
    Quote Originally Posted by yomista:
    I think it's because FOR578 is fairly new and they need time to mature. Feedback, I think, will help a lot.
    Are you planning to sit for the exam?
    I sure hope so. I got an email that the material changed from the time I took it. I don't know how that would affect my chances in the exam :/

  12. Junior Member
    Join Date
    Sep 2016
    Location
    Singapore
    Posts
    19

    Certifications
    GNFA,GCED,GCIH, ITIL v3
    #11
    Quote Originally Posted by al88:
    I sure hope so. I got an email that the material changed from the time I took it. I don't know how that would affect my chances in the exam :/
    Please let me know what you think of it. All the best!