What's your favorite Sans course and why?

YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
Just like the title says, what's your favorite Sans course and why?


  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    So far? SANS 504, very interesting material, well rounded course. Love authors stories on the MP3, also the GCIH is a highly desirable certification by potential employers.
    Still searching for the corner in a round room.
  • [Deleted User][Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
    560. Overall well designed/balanced course on penetration testing!
  • al88al88 Member Posts: 62 ■■■□□□□□□□
    508.. it's where I've found real usable Practical knowledge for my everyday Enterprise investigations. A lot of the other defensive courses does give value but rarely used it it's not your job title/description.

    The anti-forensic methods of 508 applies for offensive specialists too.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    I've only done 401 and 503, however I'd vote for 504 or 560 just based on reading over the course descriptions on SANS' site. Plus Ed Skoudis is the best.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    So I'll list out what I've taken as context to what one is my favorite:

    SEC504 (GCIH)
    SEC560 (GPEN)
    SEC660 (GXPN)
    SEC617 (GAWN)
    SEC542 (GWAPT)
    SEC575 (GMOB)
    SEC573 (GPYC)

    FOR408/500 (GCFE)
    FOR508 (GCFA)
    FOR585 (GASF)
    FOR578 (GCTI)
    FOR610 (GREM)

    Out of all of them, I feel the most fun has been SEC575. Phone are not going anywhere in both corporate environments and personal. Learning how to break an Android app or doing packet captures through your iPhone can be very vital if you're just doing bug bounties or if you're trying to see if something is spying on you...OR if your companies app is broadcasting your creds in the clear.

    Far as the most relevant to my job, can't fail with GCFA regardless if you do DFIR or if you're looking at Red Teaming.
  • LWB250LWB250 Member Posts: 59 ■■■□□□□□□□
    I would concur on 504. I was lucky and got to do work study for mine that was taught by John Strand. John did a fantastic job and was very engaging, which is hard to do in a course with this level of material and the time it takes to teach it.

    This was the third SANS class I've done in person, and by the fourth or fifth day you can be really wiped out with brain overload. John did a great job keeping the conversation on point, providing real world examples of the material application, and staying engaged with the participants.

    I'm not diminishing the performance of my other instructors, just saying that John has been the best I've had so far, which made 504 my favorite.
  • sb97sb97 Member Posts: 109
    Resurrecting an older thread that came up while I was search for past posts about FOR578 and the GCTI.

    The most fun class I took was SEC503 partially due to the instructor Mike Poor. The best and most relevant class I have taken is FOR508. I did that one on demand so I missed out on some of the live experience but the subject material is the most relevant to what I was doing professionally at the time.
  • MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    I've only taken SEC401 and SEC504 but I start SEC542 on Monday...and I'm hoping it will be my favorite course thus far.
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

Sign In or Register to comment.