What's your favorite Sans course and why?
YuckTheFankees
Member Posts: 1,281 ■■■■■□□□□□
in GIAC
Just like the title says, what's your favorite Sans course and why?
Comments
-
TechGromit
Member Posts: 2,156 ■■■■■■■■■□
So far? SANS 504, very interesting material, well rounded course. Love authors stories on the MP3, also the GCIH is a highly desirable certification by potential employers.Still searching for the corner in a round room. -
![[Deleted User]](https://us.v-cdn.net/6030959/uploads/defaultavatar/nE1RZK93BLG3K.jpg)
[Deleted User]
Senior Member Posts: 0 ■■□□□□□□□□
560. Overall well designed/balanced course on penetration testing! -
al88
Member Posts: 62 ■■■□□□□□□□
508.. it's where I've found real usable Practical knowledge for my everyday Enterprise investigations. A lot of the other defensive courses does give value but rarely used it it's not your job title/description.
The anti-forensic methods of 508 applies for offensive specialists too. -
JoJoCal19
Mod Posts: 2,835 Mod
I've only done 401 and 503, however I'd vote for 504 or 560 just based on reading over the course descriptions on SANS' site. Plus Ed Skoudis is the best.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Randy_Randerson
Member Posts: 115 ■■■□□□□□□□
So I'll list out what I've taken as context to what one is my favorite:
SEC504 (GCIH)
SEC560 (GPEN)
SEC660 (GXPN)
SEC617 (GAWN)
SEC542 (GWAPT)
SEC575 (GMOB)
SEC573 (GPYC)
FOR408/500 (GCFE)
FOR508 (GCFA)
FOR518
FOR526
FOR585 (GASF)
FOR578 (GCTI)
FOR572
FOR610 (GREM)
Out of all of them, I feel the most fun has been SEC575. Phone are not going anywhere in both corporate environments and personal. Learning how to break an Android app or doing packet captures through your iPhone can be very vital if you're just doing bug bounties or if you're trying to see if something is spying on you...OR if your companies app is broadcasting your creds in the clear.
Far as the most relevant to my job, can't fail with GCFA regardless if you do DFIR or if you're looking at Red Teaming. -
LWB250
Member Posts: 59 ■■■□□□□□□□
I would concur on 504. I was lucky and got to do work study for mine that was taught by John Strand. John did a fantastic job and was very engaging, which is hard to do in a course with this level of material and the time it takes to teach it.
This was the third SANS class I've done in person, and by the fourth or fifth day you can be really wiped out with brain overload. John did a great job keeping the conversation on point, providing real world examples of the material application, and staying engaged with the participants.
I'm not diminishing the performance of my other instructors, just saying that John has been the best I've had so far, which made 504 my favorite. -
sb97
Member Posts: 109
Resurrecting an older thread that came up while I was search for past posts about FOR578 and the GCTI.
The most fun class I took was SEC503 partially due to the instructor Mike Poor. The best and most relevant class I have taken is FOR508. I did that one on demand so I missed out on some of the live experience but the subject material is the most relevant to what I was doing professionally at the time. -
MalwareMike
Member Posts: 147 ■■■□□□□□□□
I've only taken SEC401 and SEC504 but I start SEC542 on Monday...and I'm hoping it will be my favorite course thus far.Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
