Options

Passed GWAPT

MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
I passed my third SANS certification this year (GSEC and GCIH) and I would say GWAPT was the definitely the toughest out of the three...but it really wasn't that bad, especially if you have a good index.

SEC542 class:

PROS: This was my first in-person SANS course and there were pros and cons to it. Pros: I hear with in-person classes, you always get the most updated coursework but I don't know if thats the case with on-demand. I really liked being around other individuals who were security fans like myself and overall just a bunch of intelligent people. I would say the biggest pro to me was being able to talk to the teacher face to face and pick his brain about anything and everything. For me, I asked him about bug bounties, most common bugs nowadays, thoughts on OWASP, etc...it was nice getting an honest opinion from a web app pentester rather than reading reddit threads lol

CONS: I missed having on-demand videos to watch whenever I was stuck on a concept or just wanting to review a topic. I mentioned I liked being around other security professionals but I noticed barely anyone talked to people outside of who they came with to the conference. Lastly, I feel like they can add more material to the course...if I took out the morning/evening break, lunch, and the time we spent on labs, I would guess we were being taught for 4-5 hours a day. Yes I know labs are important but I feel like we spent way too long on them (just my opinion though).

Labs: The labs are super fun and interesting, especially if you are new to the field. Knowing some SQL, HTML, and JS would definitely help you absorb the material better.

Practice Exams: SANS does a great job with their practice exams. From my experience, if you get anywhere in the 80s with them, you are good to go. I always try to use both of the practice exams, unless I get a 90+ on the first attempt.

Exam: I would say the difficulty is probably a 5/6 out of 10.
Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com

Comments

  • Options
    SaSkillerSaSkiller Member Posts: 337 ■■■□□□□□□□
    What information was particularly useful for the exam? Any labs you would say should be focused on?
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • Options
    TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    1. I passed my third SANS certification this year (GSEC and GCIH) and I would say GWAPT was the definitely the toughest out of the three...but it really wasn't that bad, especially if you have a good index.

    2. PROS: This was my first in-person SANS course and there were pros and cons to it. Pros: I hear with in-person classes, you always get the most updated coursework but I don't know if thats the case with on-demand.
    1. I actually thought GCIH was more difficult since it covered a much larger amount of information. I suppose like anything it depends on your past experience and knowledge areas though.

    2. You get the newest material either way, and your exam is based on the material you received, which is why you have a limit on how far you can extend the exam attempt. Potentially the on-demand videos could be based on the previous set of materials if they did not record a new course yet, however the immediate previous version as well as the next version aren't really too different as far as the content it seems like....and the exams are based on the actual text anyways not necessarily what the instructor says.
  • Options
    MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    SaSkiller wrote: »
    What information was particularly useful for the exam? Any labs you would say should be focused on?

    I believe the labs helped a lot with the exam questions that showed an attack scenario or piece of code...you'll see it and your mind will go straight to whichever lab is relevant to the question.
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • Options
    Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    Congrats on the pass and thanks for the review! icon_cheers.gif

    This is one of the certs that I'm aiming for in the next 2 to 3 years (depending on where life will take me).
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • Options
    TikrithTikrith Registered Users Posts: 8 ■□□□□□□□□□
    Again, congrats on the pass!

    I was considering taking this one as a live class, but when i looked at the course materials... they did not mention books. Do they not provide books for the live classes? We had them for GSEC, but they were listed in the course materials, too.
  • Options
    MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    Tikrith wrote: »
    Again, congrats on the pass!

    I was considering taking this one as a live class, but when i looked at the course materials... they did not mention books. Do they not provide books for the live classes? We had them for GSEC, but they were listed in the course materials, too.

    You get books for every Sans course you attend...live, ondemand, etc...
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • Options
    LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Grats and good job! And thanks for the review. I'm actually hoping to get this course taken Q1 2019.

    I hear you about the in-person thing. I think the biggest take-away is to say hello every morning to the people around you and at least ask where they're from or their background when you have a chance. Feels like many just say nothing until day 6 if there is a group capstone exercise. At the very least, I try to not be shy about my name or location (so people can look me up on LinkedIn to connect) or carry some personal business cards (nothing stuffy and formal that make me look full of myself) to hand out casually so someone can connect if they choose to. I try to put the honus on them to connect if they want, so they can stay anon or not at will.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Options
    kapujkapuj Registered Users Posts: 1 ■□□□□□□□□□
    Hey there, good job on passing the exam. I am hoping you could help me out a bit. I attended the SANS 542 last year and
    have been preparing for the exam, but unfortunately my laptop got
    stolen along with most of my materials for the course. And since my
    password manager was on the laptop too, I lost access to my SANS
    account, without which SANS can't provide the materials to me, easily.
    Could you please share with me our lab VM? I am still having trouble
    understanding Shellshock and some of the other lab subjects and I hope
    to make up for it with more practice.
  • Options
    quogue66quogue66 Member Posts: 193 ■■■■□□□□□□
    Hmmmm....sounds pretty suspicious. Whenever I had issues with passwords or materials SANS was able to help me out very easily. They made the material available for download via a temporary link and mailed me out a new USB. When I changed email addresses they helped merge the info from two accounts into a single account.
  • Options
    Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Your SANS login is your email; so you can always reset your password and ask SANS for help.
Sign In or Register to comment.