Which SANS course to begin with?

Hi All,

I work as a Pentester and hold handful of certs.

I've been going through the forum posts and it appears that GSEC is a popular SANS cert for starters. I have gone through its syllabii and it's huge and very complete..

The understanding that foundations should be built well is absolutely clear to me. The thing is, given the budget crunch, mgmt guys couldn't care any less now about 'foundations pitch' coming from any experienced personnel. You see what I mean here. Looking at how some cool guys here are doing multiple SANS courses and challenges, I got speechless for a while. Basically, now it's more about selling out to guys ups so they can approve fundings.

Given such a scenario, I am trying to identify the best suited subjects for me and the order of their execution.

I plan to work towards these 3 subjects:
1. GPEN
2. GWAPT
3. SANS Metasploit / GSEC

Please share your opinions and inputs on this choice, order, and / or experience to get started up with it.

SANS is damn expensive and equally worthy. So am may be looking for people's experiences on how they perhaps pursued these out of their wallets. That'd be inspiring to hear.

Another question, can I pool in with any other colleagues to purchase and share the SANS course material?

Best Regards,
iVictor

Find more posts tagged with

Comments

GAngel

If you're already a pentester then GSEC probably will be way to light for you. Gpen cover's metasploit and may be where you want to start.

dynamik

I challenged the GSEC and GPEN. Foundation is definitely important but at your level, I don't see the GSEC course being worthwhile. Eric Cole, who is one of the course authors and primary instructors also wrote the Network Security Bible, and you can use that as a reference. I only took it because I want to go after the GSE, and it's a prerequisite.

GPEN seems like the best place to start for you. The new Metasploit course looks awesome too. No interest in GAWN and the GIAC pen testing trifecta?

We get $4k/year to spend on training. Work paid for the GPEN challenge, but I paid for the GSEC since I had already exhausted my budget for the year.

Also, if you're interested in getting materials cheaply (relatively), you can visit a nearby conference and see if they have any extra course books that they're willing to sell.

veritas_libertas

@Dynamik: How close are you to taking the GSE

dynamik

veritas_libertas wrote: »

@Dynamik: How close are you to taking the GSE :

Very far. I have to do GCIH and GCIA along with either another cert or a gold paper. Then I need to do the GSE written. That will make me eligible for the two-day lab, which they typically offer once per year in the fall.

I'm hoping to make an attempt at the lab in fall of 2011. That's actually a pretty tight schedule given the amount of material I need to get through (and other things I want to work on), so I'll probably fail, but it'll give me an idea of what to expect in 2012. I'm banking on this renewing my GIAC certs, so I believe I have until 2013, worst-case

Paul Boz

If pentesting is a significant part of your job definitely get the GPEN. it will make you a much more competent penetration tester. I also think that the GCIH falls under your skillset as well. The GPEN is 100% pentesting, where the GCIH is one day of incident handling and five days of pentesting. Ed Skoudis does both courses and I can tell you right now that the material is very similar. Both are very popular right now.

TrainingDaze

Video describing the SANS 560 experience: SANS: Network Penetration Testing and Ethical Hacking

iVictor

Thanks all for your responses.

dynamik wrote: »

I challenged the GSEC and GPEN. Foundation is definitely important but at your level, I don't see the GSEC course being worthwhile. Eric Cole, who is one of the course authors and primary instructors also wrote the Network Security Bible, and you can use that as a reference. I only took it because I want to go after the GSE, and it's a prerequisite.

GPEN seems like the best place to start for you. The new Metasploit course looks awesome too. No interest in GAWN and the GIAC pen testing trifecta?

We get $4k/year to spend on training. Work paid for the GPEN challenge, but I paid for the GSEC since I had already exhausted my budget for the year.

Also, if you're interested in getting materials cheaply (relatively), you can visit a nearby conference and see if they have any extra course books that they're willing to sell.

The GIAC pen testing combo I find extremely interesting, is -> GPEN [ 560 ], GWAPT [ 542 ], GAWN [ 617 ].

We don't have such a training allocation per team member. That's probably one issue with big orgn. The spending & other facilities are really good for 'our' certifications though. Plus the US teams usually get it easier than many others.

I thought of getting used or extra materials but then SANS rarely happens in my part of the world. So that's not an available option.

Paul Boz wrote:

If pentesting is a significant part of your job definitely get the GPEN. it will make you a much more competent penetration tester. I also think that the GCIH falls under your skillset as well. The GPEN is 100% pentesting, where the GCIH is one day of incident handling and five days of pentesting. Ed Skoudis does both courses and I can tell you right now that the material is very similar. Both are very popular right now.

True Paul. Do you imply if I can get my hands-on on GPEN materials, GCIH is not far off? If that's so, it'd be cool!

TrainingDaze wrote:

Video describing the SANS 560 experience: SANS: Network Penetration Testing and Ethical Hacking

I watched this over. And man.. this has fueled me up even more. Thnx.

It seems there is an Advanced Pen Testing course launched recently by SANS: [ 660 ]

One question that hasn't been answered is if I can pool in with others to get the prep materials? Since exams are open-book, and buying SANS materials is not mandatory, I hope this should be fine?

Best Regards.

dynamik

No, the materials are licensed to the person who buys the course. They'll yank all your certs if they catch you sharing materials.

I've found enough other resources available online (legitimately - made into a notes document) and in print to be good enough. You can two practice exams when you challenge an exam, so you can use that to identify areas you need to work on. The course websites also provide day-by-day breakdowns of the topics. I'll probably bring in 5 700-1000 page books with me for my GCIH

iVictor

dynamik wrote: »

No, the materials are licensed to the person who buys the course. They'll yank all your certs if they catch you sharing materials.

I've found enough other resources available online (legitimately - made into a notes document) and in print to be good enough. You can two practice exams when you challenge an exam, so you can use that to identify areas you need to work on. The course websites also provide day-by-day breakdowns of the topics. I'll probably bring in 5 700-1000 page books with me for my GCIH

Thanks for clearing this up. It seems a good possibility at least GPEN study material is not going to be shared b/w any of my team members cos they work on other domains. So books stay with me

When you say 'notes', I am sure you are NOT in any way referring to cram sheets or ****.

Can you refer me to those resources please?

Something to get started with till I officially get my hands on the stuff.

Reg my question on GPEN and GCIH, if I have GPEN materials, GCIH is not far off...?

dynamik

Nope, no ****. You get two practice tests with a challenge, and the course site lists day-by-day break-downs of the topics covered. I research and make notes from all that (well, I will on this one; I didn't use my other practice exams). I also print off things like man/help pages for tools, etc. You can bring in whatever resources you want.

Hacking Exposed and the Open Source Penetration Tester's Toolkit books will go a long way.

Looking at the course sites, it looks like IH has one day of incident handling and the rest is largely the same. I'd like to take this within six months (probably double-up with GWAPT), and I'll have a post detailing my experiences. However, from my understanding, the course is taught from a different perspective. Think defense vs. offense. Ed's Couterhack: Reloaded seems to be a good book for that course. I'll probably supplement that with an IH book or two along with the NIST documents.

Paul Boz

I've found that you can stumble through the objectives on your own if you pay attention to the day by day course breakdown on the SANS site. For example, on the GCIA details page on the right column is a day by day breakdown of the course material. Just google the topics and you're set.