Is this possible? (GCIH)

I don't know if this has been asked before (tried search but it came up kinda dry) but is it really possible to challenge the GCIH with just Counter Hack...Reloaded. I'm thinking about picking up this book and going through Metasploit Unleashed. It kind of sucks because..

1. I don't have the $2k+ to put up for self study
2. While I can afford the work study, I just don't have to time to take time off for work, plus paying room and board, and it's not a guarantee that you will get the course you want (from what I heard)
3. Since I can afford the work study, I can afford to pay for the test.

I'm open to all opinions.

Joey
Reading: What ever is on my desk that day :study:

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    When are you thinking about doing it? I'll be going that route before the end of the year and could provide better feedback in the near future.

    I'll also be using this: Amazon.com: Incident Response and Computer Forensics, Second Edition (0783254041295): Chris Prosise, Kevin Mandia, Matt Pepe: Books

    and the NIST IH/IR docs: http://csrc.nist.gov/publications/PubsSPs.html

    Here's another good thread that will give you some direction: The Ethical Hacker Network - Incident Handling - Resources, from start to finish

    You also get two practice exams when you sign up for a challenge, so that'll help you identify any weak areas that you can research further. Be sure to visit the 504 course page and view the day-by-day breakdowns for the course too.
  • jahsouljahsoul Member Posts: 453
    dynamik wrote: »
    When are you thinking about doing it? I'll be going that route before the end of the year and could provide better feedback in the near future.

    I'll also be using this: Amazon.com: Incident Response and Computer Forensics, Second Edition (0783254041295): Chris Prosise, Kevin Mandia, Matt Pepe: Books

    and the NIST IH/IR docs: http://csrc.nist.gov/publications/PubsSPs.html

    Here's another good thread that will give you some direction: The Ethical Hacker Network - Incident Handling - Resources, from start to finish

    You also get two practice exams when you sign up for a challenge, so that'll help you identify any weak areas that you can research further. Be sure to visit the 504 course page and view the day-by-day breakdowns for the course too.
    It's no time soon. Probably in the next 6-9 months but I've really been contemplating this for a while now and I want to go forward with this.

    I appreciate the additional info. I've read that some people have actually passed the test with that one book and tools but I don't their experience prior to that so I can only take that so far.
    Reading: What ever is on my desk that day :study:
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Cool. Depending on how my finances shake up over the next couple of months, I might pay for it out-of-pocket, but I may have to wait until I get my 2011 training budget in January. I'll definitely post about it whenever it happens.

    Having done the GPEN, I feel like I could go in tomorrow and pass. However, they do publish your scores online, and I'd like to get 85% or better so I can be a mentor.
  • TrainingDazeTrainingDaze Member Posts: 62 ■■□□□□□□□□
    If you have experience in the areas listed that GCIH covers and you feel confident that after reading Skoudis' book (and maybe another related book or two) that you can pass then I'd say go for it. It's not unheard of that people can just do self study for each individual topic covered in the coursework listings and pass.

    ...But if you're like me and don't have a lot of experience in all of the topics, and are not willing to bet $900 on yourself that you can pass the exam then maybe it would be prudent to take another look at being a facilitator.

    I've signed up for the work study program when sans comes to town in December and made 503 my first pick, with about 6 other choices right behind it. It's important to remember that many of these classes greatly overlap each other so if you end up having to facilitate for 560 or 503 then you will still spend a good amount of time covering topics relevant to GCIH (apparently there are actually people out there who only pursue one Giac cert so a lot of the courses share an overlap of information, but you wouldn't know it wandering this forum icon_lol.gif ).
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Ah, you're lucky. They're not offering 503 at Security East 2011 (my area). I applied for GAWN since that's the most technical course they're offering. I need to do the GCIA, but I'm really nervous about challenging that one. They're offering 502 as well, and I'm going to try to pick up one of those books from the "book store" and hope it covers enough packet analysis to get me through 503 icon_eek.gif

    It's also worth mentioning that retakes are $199. If you happen to miss a challenge, that's not a bad price to pay for a second shot after you have a chance to regroup.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    As hinted earlier, SANS posts your score online so anyone can see how well you did. This is one of the reasons I didn't challenge the GSEC (although in retrospect, I could have). There's that certain awkward moment when someone checks the list and you have a just barely passing score. Hmm...
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • TrainingDazeTrainingDaze Member Posts: 62 ■■□□□□□□□□
    Sorry, I meant to type 504, not 503... too much cissp cramming today and my head is mush. I didn't know retakes were $199, thanks for the info.

    GAWN looks really cool, it's on the "someday in the future" list :D I've seen Josh Wright offer discounts for the course on his site (Hacking, Pen-Testing, Securing and Defending Wireless Networks) not sure if he still is, it might just be a thing they do when they introduce new classes. I'm guessing the course aligns with his new book as well (Amazon.com: Hacking Exposed Wireless, Second Edition (9780071666619): Johnny Cache, Joshua Wright, Vincent Liu: Books) which is on my fall reading list icon_study.gif

    dynamik what certs are in your crosshair now?
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    No worries, I know how that goes. Someone I'm following on Twitter today said something along the lines of, "Show me on the doll what the CISSP did to you." That sums it up icon_lol.gif

    I'm not sure how well that book maps to his course. While he's definitely the most well-known wireless guy on there, it's not "his" book. He wasn't involved with the first edition, and I'm not sure how much he influenced this new version. Of all the SANS certs I've looked at, this seems the most technical (with the exception of reverse engineering malware, but that's a whole different animal). It was on my "someday in the future" list as well, which is why I'm just trying to take a stab at it via work study. I won't pursue it on my own for another year or two.

    I have a couple college classes that I desperately need to wrap up in the next few weeks, and then it's on to the two OffSec certs listed in my sig. I'll probably try to wrap up GCIH and GWAPT by the end of the year, finances permitting.
  • jahsouljahsoul Member Posts: 453
    If you have experience in the areas listed that GCIH covers and you feel confident that after reading Skoudis' book (and maybe another related book or two) that you can pass then I'd say go for it. It's not unheard of that people can just do self study for each individual topic covered in the coursework listings and pass.

    ...But if you're like me and don't have a lot of experience in all of the topics, and are not willing to bet $900 on yourself that you can pass the exam then maybe it would be prudent to take another look at being a facilitator.

    I've signed up for the work study program when sans comes to town in December and made 503 my first pick, with about 6 other choices right behind it. It's important to remember that many of these classes greatly overlap each other so if you end up having to facilitate for 560 or 503 then you will still spend a good amount of time covering topics relevant to GCIH (apparently there are actually people out there who only pursue one Giac cert so a lot of the courses share an overlap of information, but you wouldn't know it wandering this forum icon_lol.gif ).

    That's the thing. I want to but I don't have the time (7 days minimum) and the hotel stay and food is a killer. lol

    I would love to facilitate for the 504 or 560 but time constraints are my biggest issue.
    Reading: What ever is on my desk that day :study:
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yea, if the conference isn't some place where you can make a commute or crash with friends or family, you're back into the thousands of dollars range once you add all that in.
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    docrice wrote: »
    As hinted earlier, SANS posts your score online so anyone can see how well you did. This is one of the reasons I didn't challenge the GSEC (although in retrospect, I could have). There's that certain awkward moment when someone checks the list and you have a just barely passing score. Hmm...

    I got a 91 on the GSEC challenge with no books. It's truly an easy test.

    That being said, I probably wouldn't challenge the GCIH without materials because I don't really know of a good incident handling book that quite describes the process in the exact words and terms that the GCIH books do. Counterhack (and really any pentesting book) would be sufficient for the 5 days of pentesting, but the incident handling book is the thickest and has the least overlap with any other course. You could probably BS your way through the incident handling stuff but as someone else said, the scores are posted online so do so at your own risk.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Pfft, I refuse to heed my own advice icon_cool.gif

    I'm actually getting reimbursed for my GSEC challenge, so I'm torn between challenging another one and being responsible and paying down a CC. Decisions, decisions...
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    I'm getting in the game as soon as I finish my Bachelor degree and the SSCP. icon_cool.gif
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    I’m going to reconsider my GCFW paper now that I’m working in a new environment. I feel like I’ve been opened up to new concepts I hadn’t previously considered. I got the email which you sent me Dynamik, just haven’t had a chance to check it out yet. I have renewed vigor to get the GSE now. My current employer is going to pay me to go to the GCIA course as well. It’ll be cool to actually be able to go to a conference for once.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yep, you're just a GCIA and a gold paper/other GIAC cert away from being GSE-eligible. I think I will throw my personal finances to the wind and register for the GCIH. It is absolutely unacceptable that Paul is one up on me in SANS certs.

    Warning Veritas: This is a dangerous game to play icon_twisted.gif

    Also, I just noticed Chris Mohan (occasionally posts on EH and has written some gold papers) threw in his hat for the GSE this year. I'm really curious to see how he does and what his experience is like. Show him some support; my comment is currently half the total comments icon_lol.gif31 days to the GSE Exam | Security for a day
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    You're 1/3 of the comments now. That's pretty sweet, good find.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    dynamik wrote: »
    Yep, you're just a GCIA and a gold paper/other GIAC cert away from being GSE-eligible. I think I will throw my personal finances to the wind and register for the GCIH. It is absolutely unacceptable that Paul is one up on me in SANS certs.

    Warning Veritas: This is a dangerous game to play icon_twisted.gif

    Also, I just noticed Chris Mohan (occasionally posts on EH and has written some gold papers) threw in his hat for the GSE this year. I'm really curious to see how he does and what his experience is like. Show him some support; my comment is currently half the total comments icon_lol.gif31 days to the GSE Exam | Security for a day

    In what way, having you stalking me on the boards like you do Paul? icon_lol.gif
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    In what way, having you stalking me on boards like you do Paul? icon_lol.gif

    I live less than 6 miles from Paul; these boards are the least of his concern.
  • jahsouljahsoul Member Posts: 453
    Paul Boz wrote: »
    I got a 91 on the GSEC challenge with no books. It's truly an easy test.

    That being said, I probably wouldn't challenge the GCIH without materials because I don't really know of a good incident handling book that quite describes the process in the exact words and terms that the GCIH books do. Counterhack (and really any pentesting book) would be sufficient for the 5 days of pentesting, but the incident handling book is the thickest and has the least overlap with any other course. You could probably BS your way through the incident handling stuff but as someone else said, the scores are posted online so do so at your own risk.
    *sigh...just sigh*

    Don't you just hate when your back is against the wall... icon_sad.gif. My new employee will only pay for Cisco certs (I believe, I find out everything Monday) but for some reason, I just don't think that they will just shell out thousands to a wanna be security analyst... *shrugs*
    Reading: What ever is on my desk that day :study:
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Why not do the CCSP if they won't let you do non-Cisco exams?
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Pfft, way to crush his hopes Paul.

    Paul didn't have the IH/IR resources that I do; I think they actually match the objectives quite well, but only time will tell. I'll probably take a stab at this 4-6 weeks from now. I think any of these exams can be self-studied for. It just comes down to how hard you want to work. If this means that much to you, I'm sure you can git'r done ;)
  • jahsouljahsoul Member Posts: 453
    Why not CCSP?
    I was thinking long and hard about the CCSP and if I really wanted to take it or just get the CCNA:Sec, CCDA, CCNP, and CCDP and focus more on learning about pentesting and "ethical" hacking..so to say. Going the SANS route, I was very interested in specifically the GCIH and GPEN.

    And dynamik, he didn't crush any hopes. Just motivated me to work harder and get more money...lol.
    Reading: What ever is on my desk that day :study:
  • jahsouljahsoul Member Posts: 453
    I was going over the new handbook today and I think that my employer might pay for it!!! *starts "ready to rule the world" laughter*
    Reading: What ever is on my desk that day :study:
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I wish my job would pay for my certs. I am thinking about self studying for some SANS certs. Starting with GSEC early next year and hopefully doing GCIA/IH before next years end.
Sign In or Register to comment.