+ Reply to Thread
Page 2 of 2 First 12
Results 26 to 42 of 42
  1. Member uyen_nguyen's Avatar
    Join Date
    Jul 2012
    Posts
    32
    #26
    For GAWN (Auditing Wireless Network), I used:
    Zigbee Wireless Networking by Drew Gislason
    Hacking Exposed Wireless, Second Editionby Cache / Liu / Wright (must have this book because Wright is course author of GAWN)
    CWAP Certified Wireless Analysis Professional Official Study Guide: Exam PW0-270 (CWNP Official Study Guides)by David A. Westcott, David D. Coleman, Ben Miller, Peter Mackenzie
    CWDP Certified Wireless Design Professional Official Study Guide: Exam PW0-250 (Study Guide Pw0-250) by Shawn M. Jackman, Matt Swartz, Marcus Burton, Thomas W. Head
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204 (CWNP Official Study Guides)by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman
    CWNA: Certified Wireless Network Administrator Official Study Guide: Exam PW0-105by David D. Coleman, David A. Westcott

    And other material from Cisco wireless forum
    Last edited by uyen_nguyen; 07-27-2012 at 04:34 AM.
    Reply With Quote Quote  

  2. SS -->
  3. Member uyen_nguyen's Avatar
    Join Date
    Jul 2012
    Posts
    32
    #27
    For GWAPT, I am using:
    The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws [Paperback]

    Dafydd Stuttard (Author), Marcus Pinto (Author)

    HACKING EXPOSED WEB APPLICATIONS, 3rd Edition [Paperback]

    Joel Scambray (Author), Vincent Liu (Author), Caleb Sima (Author)


    SQL Injection Attacks and Defense, Second Edition [Paperback]

    Justin Clarke (Author), Kevvie Fowler (Contributor)


    Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' [Paperback]


    Mario Heiderich (Author), Eduardo Alberto Vela Nava (Author), Gareth Heyes (Author), David Lindsay (Author)


    XSS Attacks: Cross Site Scripting Exploits and Defense [Paperback]

    Seth Fogie (Author), Jeremiah Grossman (Author), Robert Hansen (Author), Anton Rager (Author), Petko D. Petkov (Author)


    bunch of javascript, PHP, HTML5, Python knowledge and ton of video available on youtube.

    Javascript by Example 2nd is an excellend resource for Javascript in the Programming Fundamental objective.

    (I will update more as I m studying for GWAPT)
    Last edited by uyen_nguyen; 08-04-2012 at 09:34 PM.
    Reply With Quote Quote  

  4. Junior Member Jurgenius's Avatar
    Join Date
    Jun 2013
    Location
    Croatia
    Posts
    2

    Certifications
    CCNA, CCSA, CCSE, Websense Certified TRITON Web Olymipian
    #28
    Quote Originally Posted by JDMurray View Post
    OK, the official clarification is:
    1. After completing a SANS training class, the student is given a four month deadline to pass the corresponding GIAC exam.
    2. If the exam is not passed within this time, the student can purchase a 45-day deadline extension before the deadline passes.
    3. If the exam deadline passes and was not extended, the student can challenge the exam at a SANS Alumni discount for having taken the corresponding SANS class. (I didn't ask for how long after the deadline the discount will be honored.)
    4. The SANS Alumni discount only applies to challenging a GIAC exam corresponding to a SANS class previously taken by the alumni and after the deadline has passed with no extension taken.

    All that just to see how to save $200US.
    JDMurray,

    Do you know perhaps whether taking OnDemand, vLive or Self-Study training will allow for the lower certification price $579?

    Regards,

    J.
    Reply With Quote Quote  

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #29
    Yes, US$579 is curently the GIAC exam price if you sign up to take the exam when you purchase the classroom, vLive, and OnDemand training. For self-study, the exam challenge cost is US$999.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  6. Junior Member Jurgenius's Avatar
    Join Date
    Jun 2013
    Location
    Croatia
    Posts
    2

    Certifications
    CCNA, CCSA, CCSE, Websense Certified TRITON Web Olymipian
    #30
    Quote Originally Posted by JDMurray View Post
    Yes, US$579 is curently the GIAC exam price if you sign up to take the exam when you purchase the classroom, vLive, and OnDemand training. For self-study, the exam challenge cost is US$999.
    Thanks for the post!

    J.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jan 2012
    Posts
    450

    Certifications
    CISSP, GSLC, GISP, GSEC, GCED, GCIH, GCIA-g, GPEN, GWAPT, GCFA, CEH
    #31

    Default List of Books by GIAC Authors or highly related

    Here is a list of books written by GIAC Instructors/Students/or people who have taken and pass GIAC Exams before.

    Note: I never said you would definitely pass base on these books, however, their content would be good enough to probably help you to get at least a pass in their training materials. You should buy a practice test at one of their site so as the gauge yourself if you are ready for the real exam. You should also actively scout yourself for other online resources that may aid you in the exam, a couple of others have post them in the forum. Please do not blame me if you cannot pass the exams, this are just recommendations from me out of good will.

    I compile this list for my future usage to reinforce my concepts, meaning I haven't had the time to read them before.

    GCIH
    Counter Hack Reloaded (Ed Skoudis, SANS Instructor for GCIH)
    Hacker Techniques, Tools, and Incident Handling (Jones & Bartlett Learning Information Systems Security & Assurance Series)
    Incident Response and Computer Forensics, Second Edition


    CISSP Study Guide (2nd Edition) (Eric Conrad)
    Page 329-331 (Incident Response Management)
    Chapter 10: Domain 9: Legal
    Cyber Laws for Europe/UK/US/Singapore/Japan/Germany and other countries Found Online
    Virtualisation Escape materials found online

    GAWN
    Hacking Exposed Wireless (Joshua Wright, SANS Instructor for GAWN)
    Exam Note: Never took the exam with this book before

    GISP
    CISSP Study Guide 2nd Edition (Eric Conrad, SANS Instructor for GISP)
    Exam Note: I pass 76% with this book alone

    GCIA
    Practical Packet Analysis (Chris Sanders)
    Wireshark Network Analysis (Non GIAC Related)
    Network Intrustion Detection (Stephen Northcutt)
    Inside Network Perimeter Security (Stephen Northcutt)
    Intrusion Signature and Analysis (Stephen Northcutt)
    Internet Core Protocols

    Books Recommended by Stephen Northcutt (See the reviews)
    The Practice of Network Security Monitoring: Understanding Incident Detection and Response
    Tao of Security Monitoring
    Extrusion Detection: Security Monitoring for Internal Intrusions

    Latest Snort Manual: SNORT Users Manual 2.9.5 *Some questions answers can be found in Snort Manual

    Exam Warning: There is a section on the exam that ask about the latest technology and detection tools. You cannot find them in any of the books. Neither it is easy to find them online.

    GSEC
    Having study CISSP, the recommendation I can give in regards to GSEC, it is about 8 domains from CISSP and another two books of GSEC are windows and unix related.

    CISSP Study Guide (2nd Edition) (Eric Conrad)
    - Minus Hardware Architecture
    - Minus Software Development
    Network Security Bible (Eric Cole) *Someone reviewed on the Amazon page that they use it along for GSEC course
    -Microsoft® Windows® Security Resource Kit
    - Linux Administration: A Beginner's Guide, Fifth Edition
    GCFA

    Please see, An Eye on Forensics: Studying for the GCFA certification: Part 1


    Most from the list is prepared for myself to challenge the GSE Exam, but some is prepared for additional reading if I have the interest in the future to branch into those field. I will be preparing for my GSE after my OSCP. I intend to use the experience from OSCP to cover part of the GSE hands on lab domain.

    Not Sure where to place this
    Advance Persistent Threat (Eric Cole)
    Last edited by LionelTeo; 10-07-2013 at 05:04 PM.
    Reply With Quote Quote  

  8. Member
    Join Date
    Jul 2010
    Posts
    42

    Certifications
    MCSE A+ Network+ Security+ CCNA CCNP ITIL
    #32
    Thanks LionelTeo!
    Reply With Quote Quote  

  9. Junior Member Registered Member
    Join Date
    Nov 2013
    Posts
    10
    #33
    sounds good..
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Jan 2012
    Posts
    450

    Certifications
    CISSP, GSLC, GISP, GSEC, GCED, GCIH, GCIA-g, GPEN, GWAPT, GCFA, CEH
    #34
    A new book I had found recently is The Hacker Playbook: Practical Guide To Penetration Testing: Peter Kim: 9781494932633: Amazon.com: Books by an Author with GXPN, of course this would not be sufficient enough to undertake GXPN. GXPN require a mixture knowledge of Scapy, Sully Framework, Windows and Linux Stack Smashing, GDB debugger and windows debugger, Python. This can be covered with Violent Python (Written by a GSE, OCSE), The Art Of Hacking by Jon Erickson, Shellcoders Handbook, and the Sulley framework manual. I will give it an attempt in the future (but not so soon), if I can cleared my GSE. GXPN and OCSE are probably my top choice of certs.

    Amazon also had great tons of other books, I saw one for malware reverse engineering (GREM, anyone?) and other great stuff. If your totally new to GIAC exam, you may want to go for a course and see how the exam goes, but once your familiar with the exam environment, I am pretty sure you can net those without going for course; most importantly, spend a 15 to 30 mins everyday to read something.

    GCIH is probably the easiest to challenge, given the syllabus to so similar to CEH with the exception of incident handling being omitted out, if you can pass CEH by studying yourself, GCIH should be no problem.I highly recommend to challenge yourself for a start, once you passed the first challenge, you will you can undertake more challenge, and then your certification choice would open up to a lot from GIAC. Of course do remember to give back to the organization by recommending your company to send your fellow mate for GIAC course

    :P Good luck for those who intend to try. Remember, its not about the failure, its about not giving up!
    Last edited by LionelTeo; 04-10-2014 at 09:47 AM.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Jan 2012
    Posts
    450

    Certifications
    CISSP, GSLC, GISP, GSEC, GCED, GCIH, GCIA-g, GPEN, GWAPT, GCFA, CEH
    #35
    I had updated the previous mention book list here!
    GIAC Certifications
    Reply With Quote Quote  

  12. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #36
    I was just reviewing this, I don't believe I see any GPEN material here. I'll post this, reposted from LionelTeo:

    GPEN (Take After GCIH) (Requires: Projecting Scoping, Scanning Fast, Pivoting, Command Prompts Scanning) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Advanced Penetration Testing Guide for Highly Secured Enviroment (the ultimate security guide) Metasploit: The Penetration Tester Guide The Hackers Playbook
    Last edited by SephStorm; 11-05-2014 at 07:51 AM.
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    Jan 2012
    Posts
    450

    Certifications
    CISSP, GSLC, GISP, GSEC, GCED, GCIH, GCIA-g, GPEN, GWAPT, GCFA, CEH
    #37
    GCIH Additional Notes
    http://www.sans.org/reading-room/whi...handbook_33901

    http://www.blueteamhandbook.com/about.html

    Revised GCIA Matrials
    Practical Packet Analysis (Chris Sanders)
    Network Intrustion Detection (Stephen Northcutt)
    Inside Network Perimeter Security (Stephen Northcutt)

    Books Recommended by Stephen Northcutt (See the reviews)
    The Practice of Network Security Monitoring: Understanding Incident Detection and Response

    Latest Snort Manual: SNORT Users Manual 2.9.5
    Last edited by LionelTeo; 04-11-2015 at 06:40 AM.
    Reply With Quote Quote  

  14. Member
    Join Date
    Dec 2015
    Posts
    30

    Certifications
    GCIH
    #38
    Some user posted about GCIH certification preparation material but it seems very old books and I think isn't much.
    What other books are good for the GCIH preparation?

    I thought about these books:
    1. Hacking: The art of exploitation
    2. penetration testing hands on introduction to hacking.

    any suggestions?

    P.S I' planning to take GCIH exam in about 4-5 month.
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    277

    Certifications
    GPEN/GCIH/CEH
    #39
    Just adding this in:

    GREM: Practical Malware Analysis
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Jan 2012
    Posts
    450

    Certifications
    CISSP, GSLC, GISP, GSEC, GCED, GCIH, GCIA-g, GPEN, GWAPT, GCFA, CEH
    #40
    Hacking: The art of exploitation is about debugging/shell code and buffer overflowing the stack manually. I had the book and read through it, it is more for GXPN material. For GCIH, still counter hack reloaded for stuff that didn't change in this 10 years, hacking exposed latest version to cover latest attack technique. Google everything else while taking the two free practice test that comes with buying the actual exam.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    277

    Certifications
    GPEN/GCIH/CEH
    #41
    Anything for GCFE? Saw someone ask online, we don't have anything.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Apr 2012
    Posts
    231

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #42
    Quote Originally Posted by SaSkiller View Post
    Anything for GCFE? Saw someone ask online, we don't have anything.
    For GCFE I would recommend taking the red "Evidence Of" poster that SANS distributes for FOR 408, and finding articles on how to handle each of the individual artifacts. SANS posts many guides on how to parse and analyze each artifact individually, and so do other companies like Magnet Forensics. That should get you through the individual artifact analysis questions. For the larger picture questions on the principles of evidence collection and handling, I'd recommend "Incident Response & Computer Forensics: Third Edition."

    https://www.amazon.com/Incident-Resp.../dp/0071798684
    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 2 First 12

Social Networking & Bookmarks