GMOB Cert

dlmyersdlmyers Registered Users Posts: 3 ■■□□□□□□□□
Taking the GMOB cert on Saturday. I haven't seen much posted about it. Has anyone taken it? I'd appreciate some perspective. Worried about some of the coding in the course and whether or not the real test is similar to the practice tests (which didn't have any code). Coding is on the list but I'm not there yet.

Comments

  • johndoeejohndoee Member Posts: 152 ■■■□□□□□□□
    dlmyers wrote: »
    Taking the GMOB cert on Saturday. I haven't seen much posted about it. Has anyone taken it? I'd appreciate some perspective. Worried about some of the coding in the course and whether or not the real test is similar to the practice tests (which didn't have any code). Coding is on the list but I'm not there yet.

    I wasn't going to respond. But since over 100 people viewed it and didn't respond, I thought I would.

    It is a certification exam that I have failed more than once. I will say that.

    I found that it was hard FOR ME. Interestingly enough, I took it through a WorkStudy. I am going to make an excuse right about now:

    -The course was not my first pick.
    -The course was not my second pick.
    - I am sure it was somewhere near my last pick.

    I am not sure what order the course was, but I am sure it was at the bottom of my list next to the bottom of the page. Probably was my last pick. Either way, I was like I will do it anyway. Why not. So, I was just looking for a GIAC certification, although I didn't obtain that particular one. What I will say is that I took the course out of the desire for a cert that starts with G rather than my interest in the course..which resulted in my failure, possibly. I had no passion. Mobile Device forensics was not anywhere near my field of expertise or desires. Mobile Device code and how it works and security wasn't something I dived deep into the 6ft pool to understand. I stayed in the 4ft pool. I understood the above basics. I did the Work Study, enjoyed it. It is just the material didn't cater to my current job or any job I had my eyes on in the future. It still does not, later on down the road.

    I am 100% positive some coding was involved. I think it was more along the lines of back end Android/iOS/Google or whatever other devices were involved. I don't remember, I don't have the books they are in another state, so don't quote me on it. Within the past several years since I have failed it last I am sure the course could have changed a bit here and there.

    Either way. Good Luck. I will be looking for the I passed GMOB exam today post.
  • al88al88 Member Posts: 62 ■■■□□□□□□□
    I'm honestly more interested in terms of GMOB vs GASF ..

    Is one recommended to be taken before the other one (assuming GMOB is the broad one just like GCIH to GCFA)?
    Or is one more offensive compared to a pure DFIR one?

    Both certs doesn't have enough coverage, unfortunately, even though mobiles are becoming a fixed point of nowadays Enterprise's hardening/investigations more than ever.

    I seek answers too icon_study.gif
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    dlmyers
    GMOB Cert
    Taking the GMOB cert on Saturday. I haven't seen much posted about it. Has anyone taken it? I'd appreciate some perspective. Worried about some of the coding in the course and whether or not the real test is similar to the practice tests (which didn't have any code). Coding is on the list but I'm not there yet.

    Since I"m going to miss you before your cert, don't focus TOO heavily on coding. No GIAC cert is going to put that much focus on it unless it is a DEV course or the Python SEC course. What you need to know will definitely be in those books. How to read and interpret stuff from cli is going to be HUGE. Make sure you know your tools and what could be used for each type of device (Android v. iOS). Good luck today!

    al88 wrote: »
    I'm honestly more interested in terms of GMOB vs GASF ..

    Is one recommended to be taken before the other one (assuming GMOB is the broad one just like GCIH to GCFA)?
    Or is one more offensive compared to a pure DFIR one?

    Both certs doesn't have enough coverage, unfortunately, even though mobiles are becoming a fixed point of nowadays Enterprise's hardening/investigations more than ever.

    I seek answers too icon_study.gif

    I have both GMOB and GASF (along with 10 other GIAC certs, this include GCIH and GCFA as well). I have told SANS instructors to even take the vice versa course been FOR585 and SEC575 (yes Heather and Josh respectively). Why? Because they feed off of one another in ways that separately you are not nearly as strong as you would be if you had both. SEC575 is going to show you hard and true what makes iOS so much more secure than Android in terms of things like boot sequence + secure enclave + software updates. You'll not only learn what jailbreaking/rooting a device is, but WHY it can be done. This is important because those are things that you just are not going to get into with FOR585 because there is so much other stuff they go over. For instance, in SEC575 you are not going to learn how to actually build out a SQL statement for a SQLi database to parse chat messages. But you will in FOR585! Likewise, you will go over in Android how to create a malicious Android app with cert pinning and everything. In FOR585 you'll just learn how to decompile the apk and submit it for malware analysis through a web portal. So you can really take this full circle!

    Frankly SEC575 and FOR585 are my two favorite classes that SANS has to offer. As you said, mobile device are not going anywhere. Having the knowledge of how these devices tick is going to make you that much better over your peers IMO. It is an area of InfoSec that still sadly lacks in my opinion, namely because it isn't as sexy as trying to break into a network or as easy as analyzing a Window OS. Let me know if you have other questions!
  • dlmyersdlmyers Registered Users Posts: 3 ■■□□□□□□□□
    Well, that was a roller coaster! Through coverage of the material and some obscure facts as SANS is known to do. This completes the Pen Testing and Ethical Hacking Graduate Certificate for me. I'm relieved and beyond happy. Thanks for the responses, the code part was minimal and you just had to know he material well along with a good index.

    I'd recommend the course and the grad cert program (through the GI Bill). I'm amazed at all I've learned. Next stop, CISSP.
  • al88al88 Member Posts: 62 ■■■□□□□□□□

    I have both GMOB and GASF (along with 10 other GIAC certs, this include GCIH and GCFA as well). I have told SANS instructors to even take the vice versa course been FOR585 and SEC575 (yes Heather and Josh respectively). Why? Because they feed off of one another in ways that separately you are not nearly as strong as you would be if you had both. SEC575 is going to show you hard and true what makes iOS so much more secure than Android in terms of things like boot sequence + secure enclave + software updates. You'll not only learn what jailbreaking/rooting a device is, but WHY it can be done. This is important because those are things that you just are not going to get into with FOR585 because there is so much other stuff they go over. For instance, in SEC575 you are not going to learn how to actually build out a SQL statement for a SQLi database to parse chat messages. But you will in FOR585! Likewise, you will go over in Android how to create a malicious Android app with cert pinning and everything. In FOR585 you'll just learn how to decompile the apk and submit it for malware analysis through a web portal. So you can really take this full circle!

    Frankly SEC575 and FOR585 are my two favorite classes that SANS has to offer. As you said, mobile device are not going anywhere. Having the knowledge of how these devices tick is going to make you that much better over your peers IMO. It is an area of InfoSec that still sadly lacks in my opinion, namely because it isn't as sexy as trying to break into a network or as easy as analyzing a Window OS. Let me know if you have other questions!


    This was a great input and real eye opener. I've always disliked the overlap between SANS courses (looking at you FOR578 ) as i saw it as I'm not learning anything new, but I really see how they compliment each other depending at the course's end goal, as you really can't fit everything (with quality)in a single course.

    The way I see it from your explanation, is that i should go to SEC575 first to understand why everything the way it is, and based on it I'll be able to build policies and procedures for my enterprise. Then dive deep into FOR585 when and if things go wrong or at least to prepare for that.

    What do you think?
  • al88al88 Member Posts: 62 ■■■□□□□□□□
    dlmyers wrote: »
    Well, that was a roller coaster! Through coverage of the material and some obscure facts as SANS is known to do. This completes the Pen Testing and Ethical Hacking Graduate Certificate for me. I'm relieved and beyond happy. Thanks for the responses, the code part was minimal and you just had to know he material well along with a good index.

    I'd recommend the course and the grad cert program (through the GI Bill). I'm amazed at all I've learned. Next stop, CISSP.

    Congrats!! icon_cheers.gif
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    al88 wrote: »
    This was a great input and real eye opener. I've always disliked the overlap between SANS courses (looking at you FOR578 ) as i saw it as I'm not learning anything new, but I really see how they compliment each other depending at the course's end goal, as you really can't fit everything (with quality)in a single course.

    The way I see it from your explanation, is that i should go to SEC575 first to understand why everything the way it is, and based on it I'll be able to build policies and procedures for my enterprise. Then dive deep into FOR585 when and if things go wrong or at least to prepare for that.

    What do you think?

    Great question! I did FOR585 first, but that is because my day job then was DF. I would think your assessment is on point though in respects to taking SEC575 first and then going and doing FOR585. The reason behind this is you'll understand what and how the device is working and why apps may be making certain calls. The only issue there could be is that Josh Wright is going to focus heavily on Android because of the open-source nature of the apps and how much easier it is to decompile them and analyze them. Meanwhile, Heather put a ton of focus on iOS because it is the most popular OS out there.

    Courses I would tell folks to look at before SEC575 to get a "leg up" on the day 6 challenge are . SEC617 and SEC542. Little bit of carry over, but not much. Especially since in SEC575 you're going to learn how to packet capture from your actual phone's transmissions as opposed to just passively sniffing.
Sign In or Register to comment.