Gcia

L0gicB0mb508

Just got word today that my company is going to pay for my SANS 503 course and my GCIA certification. I'm really excited about it.

JDMurray

Nice! Please post your experience with the class and the cert exam.

veritas_libertas

Congratz! That would be a blast.

L0gicB0mb508

JDMurray wrote: »

Nice! Please post your experience with the class and the cert exam.

Will do. It may take a little bit before I get it all approved, but I will definitely post my experiences for you all.

tpatt100

Great news, yes please keep us up to date. I was told I would need to get this sometime so I am looking to take it next spring.

Paul Boz

Sweet! A lot of the material is shared with the GCFW (TCPDump, snort, etc). You will like it very much

L0gicB0mb508

Paul Boz wrote: »

Sweet! A lot of the material is shared with the GCFW (TCPDump, snort, etc). You will like it very much

After I get done with GCIA, I may actually go for the GCFW. It does sound like a really awesome class.

unsupported

I'm taking the Intrusion In-Depth course next month in DC. I'm in a holding pattern for preparing until after this semester, but I bought both the SANS GCIA and GCFW books as reference.

L0gicB0mb508

I just got final approval and my paperwork. It looks like I'm ready to go. I'll hopefully get signed up and started next week.

Paul Boz

Excellent. I received word today that I should be able to register for the self-training for the GCIH in January. I'm looking forward to incident handling.

L0gicB0mb508

Paul Boz wrote: »

Excellent. I received word today that I should be able to register for the self-training for the GCIH in January. I'm looking forward to incident handling.

That would be a lot of fun. I work with a lady that has that cert as well as a few other SANS certs. I'll have to ask her how that one is. I think she actually teaches the intrusion analyst course from time to time.

You're going to ba a SANS-aholic before is all said and done huh? haha

L0gicB0mb508

Finally got the call from my company today that they are registering me. I hope to hear back by the end of the day. If not today then the next couple days. I'm keeping my fingers crossed things speed up a little after this point.

unsupported

Congrats on getting approval. I just took the GCIA course and it was amazing! I feel like that scene in The Matrix where Neo sees all the code that runs The Matrix and kicks The Agents ass.. well, 'cept with network packets.

That's about all the write-up I've given the course 'cause I've been so busy. I should have taken notes on my thoughts and feelings... ahh, one of these days I'll do it.

L0gicB0mb508

unsupported wrote: »

Congrats on getting approval. I just took the GCIA course and it was amazing! I feel like that scene in The Matrix where Neo sees all the code that runs The Matrix and kicks The Agents ass.. well, 'cept with network packets.

That's about all the write-up I've given the course 'cause I've been so busy. I should have taken notes on my thoughts and feelings... ahh, one of these days I'll do it.

I hope to give a good write up when i actually get to do it. Right now it seems like I've once again been dropped to a screeching halt.

L0gicB0mb508

Andddd I'm still waiting. I think I may actually just do the OSCP on my own while I'm waiting. Good times.

Paul Boz

You could start studying the GCIA subjects on your own so that when you get the material it makes more sense / you can get through it quicker. My strong networking background made the GCFW pretty easy. The more you know going into a SANS test the more you'll take out of it and the higher the score you'll obtain. Go to the SANS site and print each day's curriculum for the course. Go through the list researching the subjects until you get approved.

Here's day one's curriculum for the GCIA:

* Refresher of TCP/IP
o Including tcpdump, hexadecimal, TCP/IP Communication model
* TCP/IP Communication Model
o TCP, UDP, and ICMP
* IP Fragmentation
o How It Works
o Initial Fragment and Protocol Information
o Additional Fragments and Offset
o Malicious Fragmentation
* Internet Control Message Protocol (ICMP)
o ICMP Theory
o Mapping Using ICMP
o Normal ICMP Behavior
o Malicious ICMP Traffic
* Stimulus and Response
o Expected Behavior for Normal Activity
o Normal but Unconventional Stimulus-Response
o Behaviors and Categories of Abnormal Stimulus-Response
* Microsoft Protocols
o SMB/CIFS
o DCE/RPC
o Active Directory
* Domain Name System (DNS)
o Client and Server Interaction
o Server to Server Interaction
o Primary and Secondary Servers
o Transport Protocol Used (TCP/UDP)
o Intelligence Gathering Tools
o DNS: the Dark Side
* Internet Routing
o Static Routing
o The Role of Address Resolution Protocol
o Loose Source Routing
o Dynamic Routing Protocols
o Multicast Routing
* IPsec
* IPv6

You can study every single one of these subjects to well beyond the course's requirements without the course material. I suggest you do that rather than investing time into a cert that you may not complete by the time your SANS cert gets approved.

carboncopy

That's cool that you are going to take that class! I think it will lots of fun

I am praying that I get approved to go to the SANS event taking place in Disney in a couple of months.

L0gicB0mb508

I just printed them off. Doesn't look too bad at all. I'll have to brush up on my Snort rule writing. I see that now.

L0gicB0mb508

carboncopy wrote: »

That's cool that you are going to take that class! I think it will lots of fun

I am praying that I get approved to go to the SANS event taking place in Disney in a couple of months.

Good luck to you. I hope your process goes much faster than mine.

carboncopy

L0gicB0mb508 wrote: »

Good luck to you. I hope your process goes much faster than mine.

Yeah I hope so too... I really do.

L0gicB0mb508

carboncopy wrote: »

Yeah I hope so too... I really do.

I'll get there someday. Maybe.

carboncopy

L0gicB0mb508 wrote: »

I'll get there someday. Maybe.

Almost threw a WV joke there... but was able to hold myself back :P

L0gicB0mb508

shuddup packet monkey before i pimp slap you.

carboncopy

L0gicB0mb508 wrote: »

shuddup packet monkey before i pimp slap you.

I wonder how many people on here are actually at work....

This thread is going in the wrong direction, lol.

L0gicB0mb508

I finally got started today. I'm really excited. The OnDemand stuff looks pretty good. You have the option of watching the videos or listening to the mp3s before your books arrive. I guess it's going to be a busy month, i expected this to take even longer, so i signed up for OSCP as well. Oh well, I think this material will keep me interested enough that I can do the double courses.

JDMurray

L0gicB0mb508 wrote: »

I guess it's going to be a busy month, i expected this to take even longer, so i signed up for OSCP as well. Oh well, I think this material will keep me interested enough that I can do the double courses.

Good heavens! No job and family then?

L0gicB0mb508

JDMurray wrote: »

Good heavens! No job and family then?

i may not have a wife once I'm done haha.

L0gicB0mb508

No real progress on this. I've actually had a little bit of a hard time getting into this material. Work has been pretty demanding, so I haven't had a chance to really study like I want to. I realllly need to get on it though.

L0gicB0mb508

I finally got around to studying for this bad boy a little. Im about 1/3 way through the first book which is TCP/IP for Intrusion detection. This particular book in the series is just to get everyone up to speed on the basics of TCP/IP and some of the general concepts covered in the course. So far I've covered the following:
tcpdump overview
TCP/IP overview
analysis of the IP header from tcpdump's hex output
fragmentation
historical fragmentation attacks
ICMP overview

Each little segment has its own quiz at the end. Sometimes the questions are a little vague, but over all they are pretty good. They actually give you sample output from tcpdump and ask questions on it. I do like the real world factor of it.

L0gicB0mb508

Wow, I'm burnt out. Work has been pretty hectic, so it's kind of wearing me down. I'm about 1/2 way through this, but it's hard to find the motivation to continue. Right now I'm doing a new Snort install and I've been going through the OnDemand videos.

Chris:/*

That is awesome. I do need to complete GCIA and GCIH classes and exams to earn my GSE and work towards my Cyber Guardian Credential.