Passed GWAPT
Randy_Randerson (Member, Posts: 115)
in GIAC
This was my ninth GIAC cert and probably the toughest one I've taken, largely because I'm not super comfortable with SQL. I ended up passing with an 80% on the test and hope that if I can provide anything to the community, I should at least try.
Method: On-Demand
Time of Study: 100 days (STI Program)
Additional Resources: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Size of Index: 54 pages
Day 1 Expectation: Unlike most of the other courses I've taken, this one didn't start with things like Methodologies, Report Writing, etc. Instead it started you off right away on things like Open-Source information gathering, Google Searching, DNS zone transfers/querying and the like. Lots on HTTP and HTTPS along with cipher reading and Heartbleed.
Day 1 Advice: Labs were fun, and you definitely should know what you are looking at with DNS and the different commands within dig. The Heartbleed lab is informative; know what Heartbleed is and how it works. Google searching techniques and researching Google Dorks are a must.
Day 2 Expectation: Scanning with Nmap. Profiling with Netcat. Spidering a website. And Authentication/username harvesting.
Day 2 Advice: Be ready to read and interpret nmap results. Know what Netcat is going to throw out to you when you run it against a server. Understand default pages and what is contained on them from a web server. Read over the authentication stuff a few times to ensure you understand how it works and what to look for, not only within responses but also in the various username/password boxes.
Day 3 Expectation: This is the injection day. Command injection, LFI/RFI and SQLi are the money makers. Session management is also covered at the beginning of Day 3.
Day 3 Advice: This is your money maker book. I think I had more questions come out of this book than any other. Know how to read cookies. Know how to identify directory traversals and LFI. SQLi is self-explanatory. Know your statements!
Day 4 Expectation: This is your secondary money maker. It has the second most questions since you are dealing with XSS in it. You will also cover HTML injection, AJAX and XXE as well.
Day 4 Advice: Know JS and XML as much as you can in terms of reading it. You are going to see a lot of stuff come your way in this book. I kept getting tripped up with XSS and injecting remote code and how it looked.
Day 5 Expectation: CSRF, Python Scripting, various tools (w3af, WPScan), and the pen testing methodologies/report writing.
Day 5 Advice: Know python and index it hard! Same with CSRF. Do all the labs in this book at least 3 times and make sure you understand what the tool is doing and what it is reporting.
Day 6: This is the Netwars stuff. Typically I don't do these while doing OnDemand because it isn't like you are winning a coin and I never feel they really "teach you" anything new. However, I did it with this class and it was a godsend!! Do it!!
Overall Impressions: Honestly, this was probably my favorite of any of the SANS courses I've taken. The material is pretty concise, and the instructor they recorded was humorous and methodical enough in the lecture that you could understand it. I referenced my coursebooks for 99% of the actual test. I used the secondary reference only for like 2 questions, and that was because the answers were not really sticking out to me. I feel like the labs do a great job reinforcing the material and helping the student come to an understanding of what the tool is doing and not just "use this tool." Very much applies to what I wish to do when it comes to bug bounties. This is by no means a super advanced course. However, if you don't have a good understanding of SQL and other programming languages, I can see where people would get tripped up.
Index Advice: I do my index a little differently. I went and got the statements for the 3 databases they reference and put them all in there. I also break down things like what each line in an HTTP response header is and which ones are mandatory. This is naturally all in the book, but when it comes time for a test, I can reference 60 pages quicker than looking for it in a book. My index was in-depth. I basically put each Python command within the index so when the question asked what a command did, I could find it fast.
Overall, it was a fair test. What I got wrong were just things I didn't know what they were. I finished with about 40 minutes to spare, so I could have looked up more questions. Glad this one is over! Pen Testing Certificate through STI is complete!
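The Day 1, Day 3 and index advice above all come down to the same skill: reading a raw HTTP response by hand and knowing what each header line, and each Set-Cookie attribute, means. As an added example that is not part of the original post or of any SANS course material, the Python script below (Python being the scripting language the write-up says Day 5 covers) parses a constructed response of the kind you would capture with Netcat or a proxy, preserves repeated Set-Cookie headers, checks that the declared Content-Length matches the body, and flags session cookies that lack Secure, HttpOnly or SameSite. The server banner, cookie names and values in SAMPLE_RESPONSE are made up for the example.

```python
"""Parse a raw HTTP response and audit its Set-Cookie attributes.

Added example for this write-up, not course material. SAMPLE_RESPONSE is a
constructed capture (what you would see from `nc host 80` or a proxy); the
server banner, cookie names and values are invented for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample response. Note the two Set-Cookie lines: only the second
# one carries the hardening attributes a tester looks for.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2018 00:00:00 GMT\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: csrftoken=deadbeef; Path=/; HttpOnly; Secure; SameSite=Strict\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Content-Length: 28\r\n"
    "\r\n"
    "<html><body>hi</body></html>"
)


@dataclass
class HttpResponse:
    version: str
    status_code: int
    reason: str
    # Ordered list rather than dict: Set-Cookie legitimately repeats.
    headers: List[Tuple[str, str]] = field(default_factory=list)
    body: str = ""


def parse_response(raw: str) -> HttpResponse:
    """Split a raw response into status line, header list and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)          # "HTTP/1.1 200 OK"
    version, code = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return HttpResponse(version, code, reason, headers, body)


def header_values(resp: HttpResponse, name: str) -> List[str]:
    """Case-insensitive lookup returning every value for a header name."""
    return [v for n, v in resp.headers if n.lower() == name.lower()]


def parse_set_cookie(value: str) -> Tuple[str, str, Dict[str, str]]:
    """Return (name, value, attrs); attr keys are lower-cased, flags map to ''."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_cookies(resp: HttpResponse) -> Dict[str, List[str]]:
    """Flag hardening attributes missing from each Set-Cookie header."""
    findings: Dict[str, List[str]] = {}
    for raw in header_values(resp, "Set-Cookie"):
        name, _, attrs = parse_set_cookie(raw)
        problems: List[str] = []
        if "secure" not in attrs:
            problems.append("missing Secure")      # sent over plain HTTP too
        if "httponly" not in attrs:
            problems.append("missing HttpOnly")    # readable by injected JS
        if "samesite" not in attrs:
            problems.append("missing SameSite")    # attached to cross-site POSTs
        findings[name] = problems
    return findings


def content_length_matches(resp: HttpResponse) -> bool:
    """Check the declared Content-Length against the body actually received."""
    declared = header_values(resp, "Content-Length")
    if not declared:
        return True  # nothing declared, nothing to contradict
    return int(declared[0]) == len(resp.body.encode("utf-8"))


if __name__ == "__main__":
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp.version, resp.status_code, resp.reason)
    print("Server:", header_values(resp, "Server"))
    print("Content-Length consistent:", content_length_matches(resp))
    for cookie, problems in audit_cookies(resp).items():
        print(f"{cookie}: {', '.join(problems) or 'ok'}")
```

The same parser works on a response pasted from a Netcat session or a proxy history entry; point parse_response at that text and the cookie audit tells you which session tokens to look at first when you move on to the session-management and CSRF material.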
Comments

Info_Sec_Wannabe (Member, Posts: 428):
Congrats on the pass and thanks for the thorough review!
X year plan: (20XX) OSCP [ ], CCSP [ ]
JoJoCal19 (Mod, Posts: 2,835):
Congrats on the pass and great write-up! You do your index similarly to mine. I have a column at the end with enough info so that I don't even have to really jump into the books. Was extremely helpful for the GCIA.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
LonerVamp (Member, Posts: 518):
Grats! And good info here. The GWAPT has been on my list for 2019 and I'm looking forward to it!
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Randy_Randerson (Member, Posts: 115):
Info_Sec_Wannabe wrote: » Congrats on the pass and thanks for the thorough review!
Thanks so much my friend! This was the bane of my existence for a few weeks lol. There were definitely parts I wished I had studied more.
Randy_Randerson (Member, Posts: 115):
JoJoCal19 wrote: » Congrats on the pass and great write-up! You do your index similar to mine. I have a column at the end with enough info so that I don't even have to really jump into the books. Was extremely helpful for the GCIA.
GCIA is my next one up in November. I really need to get into those books sooner rather than later lol. The good news is I took it vLive so I have it with the actual class and up-to-date material. How were the labs?
Randy_Randerson (Member, Posts: 115):
Quoted: » Congrats on the pass. This should be on my list next year.
LonerVamp wrote: » Grats! And good info here. The GWAPT has been on my list for 2019 and I'm looking forward to it!
Totally should be for anyone who is going to work in the area IMO. I found it to be the most fun for some reason. A lot of that goes to the fact that it didn't require a VPN to work on the labs, which most of the red team ones seem to require. That alone made it ideal while I was traveling abroad for work.
JoJoCal19 (Mod, Posts: 2,835):
Randy_Randerson wrote: » GCIA is my next one up in November. I really need to get into those books sooner rather than later lol. The good news is I took it vLive so I have it with the actual class and up-to-date material. How were the labs?
It's been some years since I passed it, but the labs were very in-depth and helped to ingrain the very tedious material you're learning. GCIA is definitely one in which the practical part helps a ton.
Jasiono (Member, Posts: 896):
Thanks for the write-up. I'm studying for mine right now and I'm on book 1.
Randy_Randerson (Member, Posts: 115):
Jasiono wrote: » Thanks for the write-up. I'm studying for mine right now and I'm on book 1.
Don't give up on this one! I know you'll kick its rear end. A big thing that helped me with some of these was clicking on those reference links within the material as well. OWASP goes much more in-depth with examples than the books do. I felt some of the questions on the tests mimicked that a lot more.
Also, I had a few questions (namely on practice tests, so retired questions?) that specifically were looking at nmap scans the way GPEN did, meaning you were determining potential types of devices that were scanned. Wasn't too big of a fan of those lol.