Results 1 to 25 of 86
  1. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #1

    SANS challengers group

    Besides myself, there are at least two other people here who want to challenge a SANS cert in the coming months. I want to know if anyone is interested in starting a group for those challenging certain certs. My main focuses would be GCIA and GCFW but GWAPT and GPEN also look very tempting. I basically think it would be a cool area for people to keep track of their study materials and suggest study material, like which books they are mapping to what objectives, etc. Possibly even swap notes (not dumps, notes they created for the test) and suggest websites, etc. Just a thought. What do you guys think?
  3. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #2

    GCIA Material

    Here is what I have so far:

    Amazon.com: The Tao of Network Security Monitoring: Beyond Intrusion Detection (9780321246776): Richard Bejtlich: Books


    Amazon.com: Extrusion Detection: Security Monitoring for Internal Intrusions (9780321349965): Richard Bejtlich: Books

    Amazon.com: Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks (9780596518165): Chris Fry, Martin Nystrom: Books

    Amazon.com: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (978189393999: Laura Chappell, Gerald Combs: Books

    Amazon.com: The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference (0689145704709): Charles M. Kozierok: Books

    Download details: TCP/IP Fundamentals for Microsoft Windows

    Amazon.com: IPv6 Essentials (9780596100582): Silvia Hagen: Books

    Snort :: Docs
    Manpage of TCPDUMP

    The material for the SCNS also looked promising but it would seem that a person here said that it was crap. There are also a bunch of old books on snort out there but I think that it would be better to just read the user guides and such. Realistically I think 300-400 hours of labbing and reading would be required to challenge one of these certs. I was thinking of labbing up at least 3-4 snort/ids boxes and searching the internet for interesting pcaps.

    I am going to try to see if the people from SNORT will let me review some of their training materials for the snortcp.
    Last edited by Bl8ckr0uter; 12-30-2010 at 01:39 PM.

  4. InfoSec Pro ibcritn's Avatar
    Join Date
    Nov 2010
    Posts
    338
    #3
    Awesome! I am in and I will contribute information soon.

    GIAC GPEN is my goal, but I am also interested in GCFW

  5. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #4
    Quote Originally Posted by ibcritn View Post
    Awesome! I am in and I will contribute information soon.

    GIAC GPEN is my goal, but I am also interested in GCFW

    Awesome! I am glad to see someone is on board. Hopefully we can get a few more people and this group can really take off.

  6. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #5
    I might be game for the GCIA. It seems to be a very "core" GIAC cert. If my employer won't be willing to support me for the 503 course, I'll have to consider challenging it since doing it out-of-pocket might not be feasible. I think swapping study notes would be great for cross-reinforcement. Since the GCIA is a bit more narrowly-focused than other GIAC certs (like say the GCFW), it's probably more feasible to challenge it.

  7. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #6
    Quote Originally Posted by docrice View Post
    I might be game for the GCIA. It seems to be a very "core" GIAC cert. If my employer won't be willing to support me for the 503 course, I'll have to consider challenging it since doing it out-of-pocket might not be feasible. I think swapping study notes would be great for cross-reinforcement. Since the GCIA is a bit more narrowly-focused than other GIAC certs (like say the GCFW), it's probably more feasible to challenge it.

    Awesome. How much IDS/IPS experience do you have?

    I do see what you mean about the narrow focus. Some of the certs seem pretty all inclusive (like GCED). The WCNA should help you towards that goal (that's one of the reasons why I'm going for it).

  8. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #7
    Oddly enough, I have almost no real experience with intrusion detection even though I've worked with firewalls and VPNs for years. Part of the challenge for me regarding the GCIA is to learn my header offsets and hex so it's second nature. I have a practice test for it in my SANS portal queue that I'm going to try my hand at to see how badly I'm able to fail it right now.

    The GAWN is also a big consideration for me. I took a practice test for it a few weeks ago and got a little under 70% so I know where some of my weak spots are. I might challenge that one as well. If anyone's also interested in the GAWN, it'd be great to share notes.

  9. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #8
    Quote Originally Posted by docrice View Post
    Oddly enough, I have almost no real experience with intrusion detection even though I've worked with firewalls and VPNs for years. Part of the challenge for me regarding the GCIA is to learn my header offsets and hex so it's second nature. I have a practice test for it in my SANS portal queue that I'm going to try my hand at to see how badly I'm able to fail it right now.

    The GAWN is also a big consideration for me. I took a practice test for it a few weeks ago and got a little under 70% so I know where some of my weak spots are. I might challenge that one as well. If anyone's also interested in the GAWN, it'd be great to share notes.

    Why would you go after GCFW if you have so much experience with firewalls?

    GAWN looks pretty hardcore

  10. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #9
    I may have some experience with firewalls and VPNs, but that doesn't make me well-versed with the tricks involved in attacking them. I've gone through most of the OnDemand GCFW course so far, and I have to admit it's not as heavy as I expected it to be. It did, however, provide me a lot of additional insight on some areas. That by itself makes it valuable and there are some things I will immediately apply in my work environment after the holidays. In the end, the GCFW would be nice to at least validate my existing knowledge.

    The GAWN (based on my practice exam) isn't so bad if you have existing wireless experience. For example, if you know 802.1X pretty well, that should help greatly.

  11. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #10
    Interesting. I hope you do go for the GCIA. It would be great to have a different perspective on the objectives.

  12. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #11
    I will be doing the G7799 and hopefully solidify my subject for my GSEC Gold paper.

  13. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #12
    Quote Originally Posted by Chris:/* View Post
    I will be doing the G7799 and hopefully solidify my subject for my GSEC Gold paper.
    The g7799 looks like CISSP. You should do very well. I also look forward to seeing your GSEC gold paper.

  14. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #13
    Quote Originally Posted by Bl8ckr0uter View Post
    The g7799 looks like CISSP. You should do very well. I also look forward to seeing your GSEC gold paper.
    Thanks, yeah G7799 covers the same information just from an auditing perspective. I am currently researching "Production Honeypots and Honeynets" for my GSEC Gold Paper. Thanks for the support.

  15. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #14
    Quote Originally Posted by Chris:/* View Post
    Thanks, yeah G7799 covers the same information just from an auditing perspective. I am currently researching "Production Honeypots and Honeynets" for my GSEC Gold Paper. Thanks for the support.

    Honeypots and Honeynets oohh sexy

    I have always been curious about who actually deploys honeypots on production networks. Probably only the big, big boys and the government.

  16. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #15
    A lot of ISPs do as well as you pointed out the big boys. Only the big boys can afford the lawyers that are the added expense when dealing with them.

  17. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #16
    Quote Originally Posted by Chris:/* View Post
    A lot of ISPs do as well as you pointed out the big boys. Only the big boys can afford the lawyers that are the added expense when dealing with them.
    Now I am really curious....

    Why would you require extra lawyers for a honeynet? I mean to me it seems like a proactive measure for learning about and (eventually) defending yourself against attacks. Maybe I am missing something. Guess I'll have to wait for the paper lol. Has your thesis been approved yet?

  18. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #17
    No, my thesis has not been approved yet. I am doing the pre-research into the domain so I can speed up the actual research for the specific topic.

    Honeypots can be configured to be intelligence gathering, IDS/IPS or even aggressive. In addition they can be considered a form of entrapment if not configured properly. There are a large number of very dynamic problems to consider before an organization ever implements one. This is why many groups just avoid them because they could even create an avenue for hackers to launch attacks from or a major legal hassle.

  19. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #18
    I'll throw my hat in the ring. I hope to challenge GPEN sometime in the near future.

  20. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #19
    Quote Originally Posted by L0gicB0mb508 View Post
    I'll throw my hat in the ring. I hope to challenge GPEN sometime in the near future.
    Awesome lol. I wondered when you were going to show up.

  21. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #20
    Quote Originally Posted by Bl8ckr0uter View Post
    Awesome lol. I wondered when you were going to show up.
    lol don't I always?

  22. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #21
    Quote Originally Posted by L0gicB0mb508 View Post
    lol don't I always?
    Yes unfortunately.


    Do you have a target date in mind? Also do you know what material you are going to use? The OSCP class should have given you a head start.

  23. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #22
    Quote Originally Posted by Bl8ckr0uter View Post
    Yes unfortunately.


    Do you have a target date in mind? Also do you know what material you are going to use? The OSCP class should have given you a head start.
    I don't have a target date in mind at this moment. I'm kind of playing it by ear. I may actually put in my training form today since I'm just sitting around. I will use the SANS self study material. I don't think I'm going to do OnDemand just due to cost. I have some other stuff I want to do with my training budget as well.

  24. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #23
    Quote Originally Posted by L0gicB0mb508 View Post
    I don't have a target date in mind at this moment. I'm kind of playing it by ear. I may actually put in my training form today since I'm just sitting around. I will use the SANS self study material. I don't think I'm going to do OnDemand just due to cost. I have some other stuff I want to do with my training budget as well.

    Isn't the self study stuff like 3k?

  25. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #24
    Quote Originally Posted by Bl8ckr0uter View Post
    Isn't the self study stuff like 3k?
    Yeah after running the numbers I may as well do OnDemand. It's only like $400 more. I should still have enough left over to do my CISSP and maybe CEH.

  26. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #25
    Good luck guys. A friend of mine is also doing the GPEN, in fact his exam is next month. I've asked him how he likes it and he is loving it so far.

    GPEN is something I would definitely look at in the near future.