GCIH Self Study

ivandavids

Hi all


I am interested in doing the GCIH but cannot afford to attend any of the classes. Has anyone on this forum successfully completed the GCIH certification by self study?

Please advise what study material you used.

636-555-3226

The exams are based off of the books. Sometimes verbatim. It is very possible to pass the exam on your own, but you'll need to be very, very good and know the material by heart (such as if you have been working in that area for a few years already). GIAC exams aren't something you can just pick a random book up, skim through it some, and then take the test. If you don't have the official SANS books in front of you then you need to be intimately familiar with the topics.

LionelTeo

Counter Hack reload for foundation
Latest version of Hacking Exposed for anything new in this 10 years
Blue team handbook

Get a 129 USD practice test and google anything that you aren't sure of, try to get near 70% and use print out all related materials for the extra 10% bump. You should be able to hit 80% to pass.

Roger_rex

Good to have a look at Ebay for second hand official books. I bought one set recently and it's otw to me. I work as an ITSO for a managed security service provider and have some experience in incident handling, including customized document creation. I am hoping that the books will help me pass the exam after few weeks of intensive study and indexing. For overall grasp of incident handling, I found " Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder " is a fantastic book to start.

ivandavids

Thank you all for the advice

NerdsRus

ivandavids I was exactly where you were and as one of the other guys posted YOU MUST HAVE THE BOOKS! There's no way you will pass this exam without them, because it's written 100% from the text. Expect to pay about 600 bucks for the exam, but it's well worth it.

cyberguypr

This simply is not true since many pass the exam without taking the course. Tell me it's difficult and your chances of passing diminish, but do NOT day you can't pass, because it's a blatant lie.

LionelTeo

I had done plenty of them without going for the course, so it is possible. You just had to be resourceful enough. Some SANS instructors and certified professional published book on their own free time, to list some of the examples are

Counter Hack Reloaded by Ed Skoudis, Previous Course Author for GCIH
Blue Team Handbook by Don Murdoch, GSE, contents vetted by Ed Skoudis

Chris Sanders, Eric Cole, Stephen Sims and Johnathan Ham are some of the associated certified professionals and instructors that had some the published books you can bought.

Secondly, knowledge is always the same, they are taught and presented differently. I personally classify them into two areas, underlying concepts that did not change over the years, and new changes to the cybersecurity landscape. The key is to understand the underlying concept and know how to apply it. Getting other books associated with the exam syllabus will bring you to close to passing the exam. 3-4 books should be sufficient to cover what you would required for you to take the exam.

Once ready, finish up with getting the practice test from the site, treat the pratice test as if it was the real open book exam. But hit up google and print out the extra materials that you would required. You should get close to 80%, which is enough to pass the exam.

ivandavids

I will definitely be purchasing the books mentioned. Unfortunately I cannot afford to take the classes.

TechGromit

Roger_rex wrote: »

Good to have a look at Ebay for second hand official books. I bought one set recently and it's otw to me. I work as an ITSO for a managed security service provider and have some experience in incident handling, including customized document creation. I am hoping that the books will help me pass the exam after few weeks of intensive study and indexing.

This really depends on how old the books are, A co-worker let me look at his three year old book set before I took SANS 504. There were quite a few differences between the two. One example was there were several types of switch and router hacks in his book set and none in the new set I was issued.

NerdsRus wrote: »

Expect to pay about 600 bucks for the exam, but it's well worth it.

Actually the exam is $1,149, even the discounted exam when you take the class is $659. It's not a test to be taken lightly, other certifications exams that cost $250 look dirt cheap in comparison.

ivandavids

I've checked on Amazon and the books I found are a bit outdated.

Counter Hack Reloaded - 2006

GCIH 2nd edition - 2011

Blue Team Handbook - 2014

NetworkNewb

ivandavids wrote: »

Counter Hack Reloaded - 2006

Oldie but a goodie. There is some outdated material in there of course, but very well written, easy to read, and great concepts.

LionelTeo

GCIH 2nd Edition is a terrible book, books such as this is merely created for earning quick bucks.

Counter Hack Reloaded still have very useful stuff that is inline with the course. For example, Nmap scans, buffer overflow and format string attacks had not changed a single bit in this 10 years.

Try
https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684/ref=pd_sim_14_10?ie=UTF8&dpID=51WobyQxGGL&dpSrc=sims&preST=_AC_UL160_SR129%2C160_&psc=1&refRID=7C9675CGEVR5H461Z60Z

https://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289/ref=sr_1_1?s=books&ie=UTF8&qid=1467301518&sr=1-1&keywords=hacking+exposed+8

berto_tester

I have recently taken the GCIH and I think it could be passed without taking the course. But I really think the value in the GIAC certs come from having taken the SANS training that goes along with it. I did also hear that the course is undergoing a rewrite soon, so you may want to look into that. I did buy the Counter Hack Reloaded book, but didnt waist my time with it as I had the course material to use.
If you dont have the course books I would say the "Open Book" part of it goes right out the window, because you are generally looking for something specific when referencing the books.

I think SANS and GIAC are trying to prevent the "Cram to Exam" plague that happens on many IT certification platforms.

If your goal is to learn something, and know the material, then take the course. If you just need some certs to get a job; then get some different certs until you get to a place where your employer will pay for SANS, or you can pay for it yourself.

TechGromit

berto_tester wrote: »

I did also hear that the course is undergoing a rewrite soon, so you may want to look into that.

I believe they make changes to the course at least once a year, not a complete rewrite, they just update the material in the books, add some stuff, take others away. This is why if you acquiring books for Ebay, you want them to be current as possible. I really don't believe they can completely rewrite the course, lets say you took the course in May and they completely re-write the course (and exam) in June, there just no way you could pass the exam because the material in the books you just got is all outdated. I think you be pretty pissed, I know I would be.

BillHoo

Beware.

I've looked at some materials online for GCIH related study material. Found a few sites that referenced applications that I did not see in the SANS Courseware.

I then looked up these apps and found they were related to vulnerabilities in Windows 2000 and Win XP. I think the CURRENT SANS courseware doesn't cover those older OS. So they are probably not relevant to the exam.