GCIH Preparation and attempt log

Paul Boz

I hope I don't get any pushback from the office for wanting to do the GSEC as a part of the GSE

veritas_libertas

Paul Boz wrote: »

I hope I don't get any pushback from the office for wanting to do the GSEC as a part of the GSE

I thought you said that you didn't have to do the GSEC? Isn't the GSEC equivalent to like Security+?

Please correct me if I am wrong, just trying to learn.

dynamik

If you don't want to do GSEC, you can sub GCWN and GCUX for it: GIAC Security Expert (GSE)

GSEC is just the most convenient and economical.

Paul Boz

veritas_libertas wrote: »

I thought you said that you didn't have to do the GSEC? Isn't the GSEC equivalent to like Security+?

Please correct me if I am wrong, just trying to learn.

You're right, but as Dynamik said, the GSEC is the path of least resistance and when the courses cost several thousand that's acceptable.

veritas_libertas

dynamik wrote: »

If you don't want to do GSEC, you can sub GCWN and GCUX for it: GIAC Security Expert (GSE)

GSEC is just the most convenient and economical.

I looked through the GIAC web site and felt a bit lost. I take it you have to follow a path to become GSE, similar to MCSE?

dynamik

It's all on the page I linked to. You can attempt the test via any of these routes:

(A) GSEC, GCIH, GCIA with two gold
(B) GSEC, GCIH, GCIA with one gold and one substitute
(C) GSEC, GCIH, GCIA with no gold and two substitutes
(D) GCWN, GCUX, GCIH, GCIA with one gold
(E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

Paul Boz

dynamik wrote: »

It's all on the page I linked to. You can attempt the test via any of these routes:

(B) GSEC, GCIH, GCIA with one gold and one substitute
(C) GSEC, GCIH, GCIA with no gold and two substitutes
substitute

I'm leaning to B, but may go with C. B gets you a "gold" endorsement but I'd rather have five silvers than 2 golds and 1 silver. It just becomes a maintenance thing.

dynamik

You can always tack the golds on later, which is probably what I'll do since I have OCD. I'd also rather avoid writing for the time being while I catch up with reports at work and finish three writing-intensive college courses.

I'm just undecided on whether or not I want to do GWAPT or GCFW in addition to GPEN for my second gold substitute. GCFW would be easy since it's so similar to GCIA, but I'd learn a lot more and ultimately get more out of GWAPT. I've been doing web development since I was 13, so that one wouldn't be too bad either...

Paul Boz

Man I want to work on my books so badly, but I just got a new laptop and can't stop playin games

veritas_libertas

Paul Boz wrote: »

Man I want to work on my books so badly, but I just got a new laptop and can't stop playin games

Are you and Dynamik both stuck on Bio Shock???

Paul Boz

Nah, I'm actually playing fallout 3. I got all 1500 achievement points for Fallout 3 and the DLC on xb360 but it looks STUNNING on this computer. I'm about to install STALKER: Clear Sky. So much for my productivity

dynamik

I'm not touching a game until I finish a college class and get my CISSP out of the way (or at least attempt it ). Later on in April I'm going to completely veg and annihilate FFXIII and GOW3. Bioshock 2 will probably keep collecting dust, sadly...

Although it does make me feel better when I see how we hijacked this thread and took it so far off-topic

bodacious00

I was checking out the course overview on the SANS site for this class and it seems really interesting. Do you have to go through 503 GCIA first to take this class?

dynamik

bodacious00 wrote: »

I was checking out the course overview on the SANS site for this class and it seems really interesting. Do you have to go through 503 GCIA first to take this class?

No, there are no prerequisites.

If you want to get started on the material prior to taking the course, many people say that Counter Hack: Reloaded covers a lot of the same material.

Paul Boz

Over this weekend I finished highlighting and tabbing each of the six books. All I've got left to do is to make my various indexes and summaries then do some more labs. Unfortunately I'm going to be on the road for five weeks straight so I can't even take the GCIH until at least the first week of May. This sucks because I feel that I could take it in a week or two.

That being the case, I am going to attempt to make lemonade out of lemons and prepare for the GSEC between now and the first week of May. I don't know of anyone who has taken two SANS serts in the same day but I'd like to try it. I figure I could reserve a hotel room using reward points in the Hilton in the city where my testing center is located then sleep there the night before the tests. I could take the GCIH in the morning (and probably finish it two hours early) then relax for the rest of the day and take the GSEC in the afternoon. I probably wouldn't try this with two "advanced" SANS certs but from what I've seen of the GSEC it shouldn't be an issue.

Once that's done I will be one gold paper and the GCIA away from GSE qualification. I can write the gold paper on really anything so I can do that whenever I feel inspired. I'll probably knock it out on airplanes anyway.

The takeaway? Dynamik needs to hurry the @#$@ up and order the GCIA

dynamik

I knock it out on airplanes all the time. What's so special about that? Oh... You meant the gold paper...

We definitely need to double-up the GSEC with something else; just to make a statement

I might tack that on after GPEN in a couple of weeks...

Paul Boz

Well I just realized that if you have a GSE, when you renew it every 4 years with the multiple-choice exam you automatically renew all of your SANS certs. That being the case, I'm going to say to hell with the gold paper and just do the GPEN. I've already studied for it and even before the GSE I'll have five SANS certs. GSEC, GCIH, and GCIA requirements then the GCFW and GPEN for the gold paper subs. With auto-renewal upon passing the GSE multiple choice every four years there is absolutely no reason not to go that route.

Either way, order that damn course

Paul Boz

I reviewed all six books tonight and feel satisfied that I've learned quite a lot. The course was very informative, hands-on, and challenging. I'm going to do one of the practice exams later this week after I index the books. After I do one of the practice exams I'm going to log into the lab and tear that up to see what the virtualized portion of the exam is like. I have until the end of may but I've settled on the Monday of the first week of May to do the GCIH & GSEC. That gives me over a month and a half to ensure a high score on both exams.

I've also decided to pay for the GPEN out of pocket since my $4k training budget will be $3800 down after the IH and GSEC, but I think it'll be well worth it. I've already studied the material and its only $400 more than a gold paper, so I think it's a fair substitution. I should have three more SANS certs by the end of July if all goes as planned.

Paul Boz

I got back from Disney World with my wife on Friday and have been settling back into work mode. I just scheduled the GCIH and GSEC for May 3rd. I could have taken these tests a month ago but due to my work schedule I've had to continually put them off. It feels good to know a certain date.

Bl8ckr0uter

Paul Boz wrote: »

I just scheduled the GCIH and GSEC for May 3rd. I could have taken these tests a month ago but due to my work schedule I've had to continually put them off. It feels good to know a certain date.

So your taking them both on the same day? Wow! Hardcore! Good luck but I am sure you won't need it.


On another note how would you rate the difficulty of the GSEC material vs the Security+? Also I wanted to know did you feel like the C|EH wasn't worth your time?

Paul Boz

knwminus wrote: »

So your taking them both on the same day? Wow! Hardcore! Good luck but I am sure you won't need it.


On another note how would you rate the difficulty of the GSEC material vs the Security+? Also I wanted to know did you feel like the C|EH wasn't worth your time?

Yes same day. 9:30am for GSEC and 1:30pm for GCIH. GSEC shouldn't take more than 90 minutes so I'll have a lot of down time between exams.

I have never read the Security+ material so I can't make a parallel. Also, I have not had access to the GSEC books so I can't compare that either.

Bl8ckr0uter

Paul Boz wrote: »

Yes same day. 9:30am for GSEC and 1:30pm for GCIH. GSEC shouldn't take more than 90 minutes so I'll have a lot of down time between exams.

I have never read the Security+ material so I can't make a parallel. Also, I have not had access to the GSEC books so I can't compare that either.

So it is truly experience and knowledge that is going to take you over? Very impressive.

Paul Boz

knwminus wrote: »

So it is truly experience and knowledge that is going to take you over? Very impressive.

hopefully lol

Paul Boz

Studying for the GSEC has me fully prepared to cut my wrists. I'm about to just stop preparing for it and wing it with no resources. I indexed my GCIH books over a month ago so short of doing a review session I'm good to go on that front.

I wish I could out of pocket the GPEN and take that on the same day. I don't think anyone's ever done three SANS certs in one day. It might raise some eyebrows lol

dynamik

They said I was the first one to do two (at least at that center). You better up the ante. I should have added the Windows one on. I probably would have had a decent shot at that. I don't think I have any options to triple-up anymore

Paul Boz

dynamik wrote: »

They said I was the first one to do two (at least at that center). You better up the ante. I should have added the Windows one on. I probably would have had a decent shot at that. I don't think I have any options to triple-up anymore

You need three more for the GSE...

Paul Boz

Today is my first real day of prep for the GSEC. It's inconveniently the day before the test. Dynamik has supplied me with some good whitepapers on hardening Windows environments, I've got some good papers on Linux security, and I think my GCIH and GCFW help too. From the curriculum online and testimony from co-workers and others online I don't think I'll have much of a problem given my work experience and the overlap with the exam. I don't often prepare for an exam without the necessary coursework but I think I should be fine.

I'm going to prep for the next couple of hours for the GSEC then do an overview of my GCIH material. I'll probably work on Linux security a bit more before bed since thats a weak point.

dynamik

Paul Boz wrote: »

You need three more for the GSE...

Yea, but the IA is going to be brutal, especially if I have to self-study. I'd probably make myself miserable if I tried to take on two more at the same time. I don't think the IH would be too bad since it's essentially a less technical GPEN with IH material. I think I'm going to challenge that with Ed's Counterhack book and the NIST SP.

I'm hoping this Wireshark book will get me a good way through the IA, but I'm going to need to find a good Snort resource as well. That Wireshark book is awesome so far (187 pages in so far), but it doesn't even get to the good stuff until p.290 or so. I'm still learning about all the preferences, capture placement, etc. It's kind of boring, but it's very useful. She scatters in pcap exercises at the end of each chapter, so you're not just playing with basic UI stuff that entire time. It's definitely shaping up to be a 5-star book.

I'm torn between doing a fifth cert or writing a gold paper for my GSE requirements. I'd either do GCWN or GWAPT if I had to challenge another. Although, the Enterprise Defender one looks pretty cool, and I just noticed today that there's only 57 so far.

The reason I started leaning towards a gold paper is that there was a hiring manager on the advisory board mailing list who said that he definitely looks for gold candidates since it shows they clearly understand the material and can communicate that knowledge effectively. I also saw a job posting from SecureWorks requiring GCIA Gold, so the golds clearly have some real-world value. I think my 3-5 plan is going to get gold in all the certs they offer. Yea, it's an addiction, but it beats WoW...

Paul Boz wrote: »

Today is my first real day of prep for the GSEC. It's inconveniently the day before the test. Dynamik has supplied me with some good whitepapers on hardening Windows environments, I've got some good papers on Linux security, and I think my GCIH and GCFW help too. From the curriculum online and testimony from co-workers and others online I don't think I'll have much of a problem given my work experience and the overlap with the exam. I don't often prepare for an exam without the necessary coursework but I think I should be fine.

I'm going to prep for the next couple of hours for the GSEC then do an overview of my GCIH material. I'll probably work on Linux security a bit more before bed since thats a weak point.

You'll kill'em both. Just be sure to get 90%+, so you can join the advisory board. Don't pull a GCFW and get a weak-ass 89%

The one thing that sucks about challenging these exams is that they display your score for all to see. While I may be able to kill one of these with the official materials, it's a whole different ballgame when you're doing self-study. Their exam objectives are pretty vague too. I'm definitely going to make use of the practice exams in the future and use those for finding areas I need to work on.

Paul Boz

hahahahah I said to hell with self-studying for two more of these things and committed to the gold papers today. That's pretty funny. We need to sit down and brainstorm ideas for papers. That and find time when I'm not writing 15 hours a day for work

I think the GCFW and GSEC will be the easiest exams to write papers on. I'll probably do outbound filtering (hahaha) for the GCFW) and defense in depth for GSEC.

Melb'Sploit

Hi all, 1st post. I'm bumping/resurrecting this post as I'm woefully attempting my studies for GCIH after taking the class-based course downunder recently. The 2x instructors were excellent however: Geroge Bakos and Chris Mohan. Just have the usual time-struggle before exam deadline now.

My Q is this >>>
The course inspired me to buy my own server/PC to run several OS's to learn exploits and IH/forensics.
I have built my own PC's previously but not in recent yrs. What spec is recommended to run say 3-5 OS's at once. Win-server, Win-client, Linux x2 etc. I aim to make most of my 1st (and now last!) M$ technet subs to build said computer.
MY budget is kinda upto $1000 AUD so $925 USD excluding monitor/kbds etc..

Appreciate any tips from those in the know.
I've found Techexams.net has been the best non-SANS resource I've come across so far, for GCIH that is.
Hopefully as I surf on I'll find some newer posts as old as this one for my purposes, and contribute back of course.

cheers!