Passed GCIA (SEC503)

MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Posts: 147 Member
Disclaimer: I'm enrolled in the SANS master's program and have now completed GSEC, GCIH, GWAPT, and GCIA.

I have to say I really enjoyed this course once I started to actually absorb the information. Going through books 1 and 2 the first time was mentally draining, but after the third go-around everything started to come together. So for anyone taking this class in the future, don't get overwhelmed by the first two books; give it time and you'll start absorbing the concepts. Once you grasp the information in the first two books, I believe books 3, 4, and 5 are cake...just understand how to use tcpdump, tshark, wireshark, snort, and bro (run through the labs 2-3 times and you'll be in a good spot).

Tips for the exam:
**Bring the following with you**
1) A chart that shows the conversion between decimal/hex/binary (very useful; you don't want to be converting hex during the exam if you don't have to)
2) Print out a few IP and TCP headers in hex format and label each field...doing this alone helped me solve 8-10 problems
3) Print out all of the ICMP codes (I used this: erg.abdn.ac.uk/users/gorry/course/inet-pages/icmp-code.html)
4) Print out a list of examples for: tcpdump commands, wireshark commands, tshark commands, snort rules, bro scripts, silk commands
SANS provides a book with tcpdump and wireshark commands, but I found my personal list helped more
5) The practice exams will tell you where you stand...I received an 87% on my second practice exam and an 87% on the actual test
6) Great website to test your skills during and after the class: www.malware-traffic-analysis.net/

Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
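The labelled IP and TCP headers from tip 2, with the decimal/hex side-by-side view from tip 1, as an added Python example that is not part of the original post or of the SANS course material. It decodes a hex dump of one IPv4 packet carrying a TCP segment, names every header field with its decimal and hex value, and verifies both checksums (the TCP one over the RFC 793 pseudo-header). The packet bytes are constructed for the example, not taken from a real capture.

```python
"""Label the IPv4 and TCP header fields of a raw hex dump.

Added example, not code from the original post or the SANS material.
The hex bytes below are constructed for this example, not a real capture.
"""
import struct
from ipaddress import IPv4Address

# Constructed sample: a 20-byte IPv4 header followed by a 20-byte TCP SYN
# with no payload, written the way "tcpdump -x" prints packet bytes.
SAMPLE_HEX = (
    "4500 0028 1c46 4000 4006 9c71 c0a8 0001 c0a8 00c7 "  # IPv4 header
    "0c38 0050 1234 5678 0000 0000 5002 ffff b895 0000"   # TCP header
)

# TCP flag names by bit position (bit 0 = FIN ... bit 8 = NS).
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words.

    Returns 0 when `data` already contains a correct checksum field.
    """
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_ipv4(packet: bytes) -> dict:
    """Return the labelled fields of the IPv4 header at the start of `packet`."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes (20 + options)
    return {
        "version": ver_ihl >> 4,
        "ihl_bytes": ihl,
        "tos": tos,
        "total_length": total_len,
        "id": ident,
        "flags": {"DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000)},
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
    }


def decode_tcp(segment: bytes, src_ip: bytes, dst_ip: bytes) -> dict:
    """Return the labelled TCP header fields; the checksum covers the pseudo-header too."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, window, csum,
     urg) = struct.unpack("!HHIIHHHH", segment[:20])
    flag_bits = off_flags & 0x01FF          # 9 flag bits: NS plus the classic 8
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, 6, len(segment))
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "data_offset_bytes": (off_flags >> 12) * 4,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)],
        "window": window,
        "checksum": csum,
        "checksum_ok": internet_checksum(pseudo + segment) == 0,
        "urgent_ptr": urg,
    }


def decode_packet(hex_dump: str) -> dict:
    """Decode an IPv4 packet from hex text; TCP is decoded when protocol == 6."""
    raw = bytes.fromhex(hex_dump)
    ip = decode_ipv4(raw)
    segment = raw[ip["ihl_bytes"]:ip["total_length"]]
    tcp = decode_tcp(segment, raw[12:16], raw[16:20]) if ip["protocol"] == 6 else None
    return {"ip": ip, "tcp": tcp}


if __name__ == "__main__":
    # Print each field with its decimal value and hex form side by side,
    # the same chart the exam tips above recommend bringing on paper.
    for layer, fields in decode_packet(SAMPLE_HEX).items():
        print(f"== {layer.upper()} ==")
        for name, value in (fields or {}).items():
            is_num = isinstance(value, int) and not isinstance(value, bool)
            print(f"  {name:<18} {f'{value} (0x{value:x})' if is_num else value}")
```

To use it on real traffic, paste the bytes from a `tcpdump -x` line into `decode_packet`; a packet whose `checksum_ok` comes back False is either corrupted, crafted, or was captured before the NIC applied checksum offload, which is itself worth knowing when you read a pcap.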


Comments

  • DJVeritas GMON / CNDA / CEH Posts: 26 Member
    Thanks for the tips!  Congrats on your pass!
  • chrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,871 Member
    Thanks man! I just finished all 5 books. I need to go over the books a second time and listen to the class mp3s. I hope to take the test at the end of Feb. 
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat (completed),
    Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (passed!), Azure Security Engineer Associate AZ-500 (in-progress)
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Posts: 147 Member
    @chrisone how did you like the FOR508 course?

  • chrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,871 Member
    MalwareMike said:
    @chrisone how did you like the FOR508 course?
    I am not taking it until SANS Network Security in Vegas in Sept 2019. My signature displays 2019 goals (courses and certs), as you can see I have a lot on my plate. I just finished AppSec Cali Red Team Attacks and next will be SANS West in San Diego May 2019. I will be taking the SEC660 course and hopefully pass the GXPN sometime in the summer. Before May/SANS WEST I want to knock out GCIA and GCIH. I was hoping to pass GCIA at the end of Feb and GCIH at the end of April.  
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Posts: 147 Member
    @chrisone I found GCIH to be super easy; I think I passed the exam in a month. I just started SANS SEC573 (Automating Security with Python) yesterday, just patiently waiting for the books and labs to come in.

  • chrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,871 Member
    Good deal! You are giving me lots of motivation and hope that I can finish GCIA and GCIH by May :smile:

    SEC573 looks like a very good course. I am sure the labs will be loads of fun! I'd like to eventually take the SEC573 and SEC505 PowerShell courses, but that will be sometime in 2020.
  • E Double U Posts: 1,552 Member
    I found GCIA to be a beast so congratulations to anyone that passes and good luck to anyone pursuing it. 
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • chrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,871 Member
    E Double U said:
    I found GCIA to be a beast so congratulations to anyone that passes and good luck to anyone pursuing it.
    What is your assessment of GCIH? Was it as easy as Malware Mike mentions it to be?
  • Blucodex OSCP, GCIA, GCIH, GMON, CISSP, CEH, CHFI, CCNA CyberOps, Security+ Posts: 430 Member
    I just passed (challenged) GCIH two weeks ago after a couple of weeks of self-study, so I did not take the 6-day course.

    Difficulty is going to depend on your experience/knowledge level. I didn't find it particularly difficult, but you really need to know attacks/tools/defenses to make things easier.

    Having passed both, for me personally.... If GCIA is a 9 for difficulty, I would give GCIH a 7.
  • E Double U Posts: 1,552 Member
    edited January 27
    chrisone said:
    I found GCIA to be a beast so congratulations to anyone that passes and good luck to anyone pursuing it. 
    what is your assessment on GCIH? was it as easy as Malware Mike mentions it to be?
    Malware Mike described it as super easy, but that was not the case for me (my official score was 76%). But our differences in opinion are not relevant. Like Blucodex said, the level of difficulty depends on your experience/knowledge going into it. At the time of taking that exam, my day-to-day job focused more on firewalls, VPN, IDS, web filters, etc. All of those exploits covered during the course were things I had only read about but never actually tried. I had not used most of the tools I learned about in the SANS course (including nmap), and some I had never heard of.
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Posts: 147 Member
    E Double U/Blucodex/Chrisone,

    I don't mean to make the certifications sound easy, because they aren't. Having taken 4 of the SANS certs, I understand the way they ask questions, so when I'm going through the books I can now highlight things I think will be on the test, and I'm pretty accurate. Mix that in with a damn good index and knowing exactly where to go when you see a question...for example: when I see a DNS question that I didn't know or wanted to double check, I already know to look at Book 3/page 64 (and that was from memory). But everyone correlates info differently, so I just wanted to throw that out there.

  • chrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,871 Member
    No worries Mike, I understood what you and the others were saying. In the end these are just people's personal experiences. I take all this input and formulate a guess as to how I may experience the exam. Everyone is correct that each person's level of experience will influence their own personal level of difficulty for any exam. I feel I may take a month and a half for the GCIH, we'll see :smile:


    Thanks guys!
  • E Double U Posts: 1,552 Member
    MalwareMike said:
    E Double U/Blucodex/Chrisone,

    I don't mean to make the certifications sound easy, because they aren't. Having taken 4 of the SANS certs, I understand the way they ask questions, so when I'm going through the books I can now highlight things I think will be on the test, and I'm pretty accurate. Mix that in with a damn good index and knowing exactly where to go when you see a question.
    I have gotten to that point as well. It took me several months to prepare for my first two GIAC certs (GCIH/GCIA), but I passed GPEN a few weeks after completing the course. 
  • Randy_Randerson CFE, GASF, GAWN, GCFA, GCFE, GCIH, GLEG, GMOB, GNFA, GPEN, GSEC, GWAPT, DFCP, ACE, CompTIA A/N/S+ Posts: 113 Member
    Easily the hardest one I took -- Thank you for the insight! I need to tackle the beast again soon! 
  • unrealskillz06 CISSP, SSCP, GCIA, GSEC, GCIH, CCNP R/S, Sec+, Net+ Posts: 37 Member
    Great job! I'll be sitting for this one later this week
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Posts: 147 Member
    unrealskillz06 said:
    Great job! I'll be sitting for this one later this week
    Make sure you know DNS in detail or, at the very least, know where to go to review the information

  • eng11m Posts: 1 Member

    How were the lab questions?

    Was the time limit enough?

  • tboe GCIA, GCFE, CCNA, CompTIA Sec+ Posts: 40 Member
    Congrats and welcome to the club!
  • SATart GSEC, CCNA, CCNA Sec Posts: 2 Member
    edited February 15

    I am curious about how time-intensive the labs/hands-on portion is as well. SiLK was covered only briefly in book 5, yet the practice test lab on it was quite intensive and required a lot of time (IMO/for me). Also, the labs appear to be weighted more heavily in the score than the multiple-choice questions. The practice tests suggest they are, at least.

    GSEC, CCNA, CCNA Sec

    Next: GCIA
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Posts: 147 Member
    If I recall correctly, there were 11 lab questions on the practice exam, and the real exam follows that rubric. The lab questions are very similar from the practice exams to the real exam, so if they asked you to use SiLK, it will probably be on the exam. But I don't recall it taking a long time; you just have to understand the syntax.

  • SATart GSEC, CCNA, CCNA Sec Posts: 2 Member
    MalwareMike said:
    If I recall correctly, there were 11 lab questions on the practice exam, and the real exam follows that rubric. The lab questions are very similar from the practice exams to the real exam, so if they asked you to use SiLK, it will probably be on the exam. But I don't recall it taking a long time; you just have to understand the syntax.
    Thanks for the feedback. 
  • charismaticx Sec+, GSEC, GSED, GCIH, CEH, CYSA, GSNA, CASP+, PenTest+, GCIA Posts: 40 Member
    @MalwareMike would you say indexing the lab book helps for reference? I'm debating what I can do to tackle the VM questions better.
  • Randy_Randerson CFE, GASF, GAWN, GCFA, GCFE, GCIH, GLEG, GMOB, GNFA, GPEN, GSEC, GWAPT, DFCP, ACE, CompTIA A/N/S+ Posts: 113 Member
    charismaticx said:
    @MalwareMike would you say indexing the lab book helps for reference? I'm debating what I can do to tackle the VM questions better.
    I would. Especially things like specific commands with their options for quick reference. Nothing is really tricky, but it'll speed things up a bit if you know how to correctly open the Snort conf file and edit it. I found the lab books much quicker for that information than the actual books themselves, since it's spread over a few slides.
  • charismaticx Sec+, GSEC, GSED, GCIH, CEH, CYSA, GSNA, CASP+, PenTest+, GCIA Posts: 40 Member
    I’ve tabbed out my lab book for quick reference. I think I have an idea of what to expect. I’m not sure what kind of questions they’ll ask so I guess I’ll just be prepared.  
  • quogue66 GREM GPEN GCIA GSEC GCFE GCFA GCIH GASF GSE (multiple choice) Posts: 161 Member
    There are a few things in the lab book that aren't anywhere else in the material. For the GSE multiple-choice test I actually took apart the lab book and added sections to each of the 5 books. The time is so short for GSE that I didn't look at it very often, but it made it easier to study with. I also didn't have to carry the lab book with me all the time.
  • charismaticx Sec+, GSEC, GSED, GCIH, CEH, CYSA, GSNA, CASP+, PenTest+, GCIA Posts: 40 Member
    I just passed the GCIA a little while ago. I have to admit it was significantly harder than both practice exams. The lab book definitely helps, but you have to be creative on the labs.
  • Chris200712 Posts: 1 Member
    I am taking mine next week. How was the admissions process for the master's program?
  • quogue66 GREM GPEN GCIA GSEC GCFE GCFA GCIH GASF GSE (multiple choice) Posts: 161 Member
    It's pretty easy. You send your transcripts, write two papers, and make a video of yourself giving a talk on one of the papers.