Is this possible? (GCIH)

jahsoul

I don't know if this has been asked before (tried search but it came up kinda dry) but is it really possible to challenge the GCIH with just Counter Hack...Reloaded. I'm thinking about picking up this book and going through Metasploit Unleashed. It kind of sucks because..

1. I don't have the $2k+ to put up for self study
2. While I can afford the work study, I just don't have to time to take time off for work, plus paying room and board, and it's not a guarantee that you will get the course you want (from what I heard)
3. Since I can afford the work study, I can afford to pay for the test.

I'm open to all opinions.

Joey

dynamik

When are you thinking about doing it? I'll be going that route before the end of the year and could provide better feedback in the near future.

I'll also be using this: Amazon.com: Incident Response and Computer Forensics, Second Edition (0783254041295): Chris Prosise, Kevin Mandia, Matt Pepe: Books

and the NIST IH/IR docs: http://csrc.nist.gov/publications/PubsSPs.html

Here's another good thread that will give you some direction: The Ethical Hacker Network - Incident Handling - Resources, from start to finish

You also get two practice exams when you sign up for a challenge, so that'll help you identify any weak areas that you can research further. Be sure to visit the 504 course page and view the day-by-day breakdowns for the course too.

jahsoul

dynamik wrote: »

When are you thinking about doing it? I'll be going that route before the end of the year and could provide better feedback in the near future.

I'll also be using this: Amazon.com: Incident Response and Computer Forensics, Second Edition (0783254041295): Chris Prosise, Kevin Mandia, Matt Pepe: Books

and the NIST IH/IR docs: http://csrc.nist.gov/publications/PubsSPs.html

Here's another good thread that will give you some direction: The Ethical Hacker Network - Incident Handling - Resources, from start to finish

You also get two practice exams when you sign up for a challenge, so that'll help you identify any weak areas that you can research further. Be sure to visit the 504 course page and view the day-by-day breakdowns for the course too.

It's no time soon. Probably in the next 6-9 months but I've really been contemplating this for a while now and I want to go forward with this.

I appreciate the additional info. I've read that some people have actually passed the test with that one book and tools but I don't their experience prior to that so I can only take that so far.

dynamik

Cool. Depending on how my finances shake up over the next couple of months, I might pay for it out-of-pocket, but I may have to wait until I get my 2011 training budget in January. I'll definitely post about it whenever it happens.

Having done the GPEN, I feel like I could go in tomorrow and pass. However, they do publish your scores online, and I'd like to get 85% or better so I can be a mentor.

TrainingDaze

If you have experience in the areas listed that GCIH covers and you feel confident that after reading Skoudis' book (and maybe another related book or two) that you can pass then I'd say go for it. It's not unheard of that people can just do self study for each individual topic covered in the coursework listings and pass.

...But if you're like me and don't have a lot of experience in all of the topics, and are not willing to bet $900 on yourself that you can pass the exam then maybe it would be prudent to take another look at being a facilitator.

I've signed up for the work study program when sans comes to town in December and made 503 my first pick, with about 6 other choices right behind it. It's important to remember that many of these classes greatly overlap each other so if you end up having to facilitate for 560 or 503 then you will still spend a good amount of time covering topics relevant to GCIH (apparently there are actually people out there who only pursue one Giac cert so a lot of the courses share an overlap of information, but you wouldn't know it wandering this forum ).

dynamik

Ah, you're lucky. They're not offering 503 at Security East 2011 (my area). I applied for GAWN since that's the most technical course they're offering. I need to do the GCIA, but I'm really nervous about challenging that one. They're offering 502 as well, and I'm going to try to pick up one of those books from the "book store" and hope it covers enough packet analysis to get me through 503

It's also worth mentioning that retakes are $199. If you happen to miss a challenge, that's not a bad price to pay for a second shot after you have a chance to regroup.

docrice

As hinted earlier, SANS posts your score online so anyone can see how well you did. This is one of the reasons I didn't challenge the GSEC (although in retrospect, I could have). There's that certain awkward moment when someone checks the list and you have a just barely passing score. Hmm...

TrainingDaze

Sorry, I meant to type 504, not 503... too much cissp cramming today and my head is mush. I didn't know retakes were $199, thanks for the info.

GAWN looks really cool, it's on the "someday in the future" list I've seen Josh Wright offer discounts for the course on his site (Hacking, Pen-Testing, Securing and Defending Wireless Networks) not sure if he still is, it might just be a thing they do when they introduce new classes. I'm guessing the course aligns with his new book as well (Amazon.com: Hacking Exposed Wireless, Second Edition (9780071666619): Johnny Cache, Joshua Wright, Vincent Liu: Books) which is on my fall reading list

dynamik what certs are in your crosshair now?

dynamik

No worries, I know how that goes. Someone I'm following on Twitter today said something along the lines of, "Show me on the doll what the CISSP did to you." That sums it up

I'm not sure how well that book maps to his course. While he's definitely the most well-known wireless guy on there, it's not "his" book. He wasn't involved with the first edition, and I'm not sure how much he influenced this new version. Of all the SANS certs I've looked at, this seems the most technical (with the exception of reverse engineering malware, but that's a whole different animal). It was on my "someday in the future" list as well, which is why I'm just trying to take a stab at it via work study. I won't pursue it on my own for another year or two.

I have a couple college classes that I desperately need to wrap up in the next few weeks, and then it's on to the two OffSec certs listed in my sig. I'll probably try to wrap up GCIH and GWAPT by the end of the year, finances permitting.

jahsoul

TrainingDaze wrote: »

If you have experience in the areas listed that GCIH covers and you feel confident that after reading Skoudis' book (and maybe another related book or two) that you can pass then I'd say go for it. It's not unheard of that people can just do self study for each individual topic covered in the coursework listings and pass.

...But if you're like me and don't have a lot of experience in all of the topics, and are not willing to bet $900 on yourself that you can pass the exam then maybe it would be prudent to take another look at being a facilitator.

I've signed up for the work study program when sans comes to town in December and made 503 my first pick, with about 6 other choices right behind it. It's important to remember that many of these classes greatly overlap each other so if you end up having to facilitate for 560 or 503 then you will still spend a good amount of time covering topics relevant to GCIH (apparently there are actually people out there who only pursue one Giac cert so a lot of the courses share an overlap of information, but you wouldn't know it wandering this forum ).

That's the thing. I want to but I don't have the time (7 days minimum) and the hotel stay and food is a killer. lol

I would love to facilitate for the 504 or 560 but time constraints are my biggest issue.

dynamik

Yea, if the conference isn't some place where you can make a commute or crash with friends or family, you're back into the thousands of dollars range once you add all that in.

Paul Boz

docrice wrote: »

As hinted earlier, SANS posts your score online so anyone can see how well you did. This is one of the reasons I didn't challenge the GSEC (although in retrospect, I could have). There's that certain awkward moment when someone checks the list and you have a just barely passing score. Hmm...

I got a 91 on the GSEC challenge with no books. It's truly an easy test.

That being said, I probably wouldn't challenge the GCIH without materials because I don't really know of a good incident handling book that quite describes the process in the exact words and terms that the GCIH books do. Counterhack (and really any pentesting book) would be sufficient for the 5 days of pentesting, but the incident handling book is the thickest and has the least overlap with any other course. You could probably BS your way through the incident handling stuff but as someone else said, the scores are posted online so do so at your own risk.

dynamik

Pfft, I refuse to heed my own advice

I'm actually getting reimbursed for my GSEC challenge, so I'm torn between challenging another one and being responsible and paying down a CC. Decisions, decisions...

veritas_libertas

I'm getting in the game as soon as I finish my Bachelor degree and the SSCP.

Paul Boz

I’m going to reconsider my GCFW paper now that I’m working in a new environment. I feel like I’ve been opened up to new concepts I hadn’t previously considered. I got the email which you sent me Dynamik, just haven’t had a chance to check it out yet. I have renewed vigor to get the GSE now. My current employer is going to pay me to go to the GCIA course as well. It’ll be cool to actually be able to go to a conference for once.

dynamik

Yep, you're just a GCIA and a gold paper/other GIAC cert away from being GSE-eligible. I think I will throw my personal finances to the wind and register for the GCIH. It is absolutely unacceptable that Paul is one up on me in SANS certs.

Warning Veritas: This is a dangerous game to play

Also, I just noticed Chris Mohan (occasionally posts on EH and has written some gold papers) threw in his hat for the GSE this year. I'm really curious to see how he does and what his experience is like. Show him some support; my comment is currently half the total comments 31 days to the GSE Exam | Security for a day

Paul Boz

You're 1/3 of the comments now. That's pretty sweet, good find.

veritas_libertas

dynamik wrote: »

Yep, you're just a GCIA and a gold paper/other GIAC cert away from being GSE-eligible. I think I will throw my personal finances to the wind and register for the GCIH. It is absolutely unacceptable that Paul is one up on me in SANS certs.

Warning Veritas: This is a dangerous game to play

Also, I just noticed Chris Mohan (occasionally posts on EH and has written some gold papers) threw in his hat for the GSE this year. I'm really curious to see how he does and what his experience is like. Show him some support; my comment is currently half the total comments 31 days to the GSE Exam | Security for a day

In what way, having you stalking me on the boards like you do Paul?

dynamik

veritas_libertas wrote: »

In what way, having you stalking me on boards like you do Paul?

I live less than 6 miles from Paul; these boards are the least of his concern.

jahsoul

Paul Boz wrote: »

I got a 91 on the GSEC challenge with no books. It's truly an easy test.

That being said, I probably wouldn't challenge the GCIH without materials because I don't really know of a good incident handling book that quite describes the process in the exact words and terms that the GCIH books do. Counterhack (and really any pentesting book) would be sufficient for the 5 days of pentesting, but the incident handling book is the thickest and has the least overlap with any other course. You could probably BS your way through the incident handling stuff but as someone else said, the scores are posted online so do so at your own risk.

*sigh...just sigh*

Don't you just hate when your back is against the wall... . My new employee will only pay for Cisco certs (I believe, I find out everything Monday) but for some reason, I just don't think that they will just shell out thousands to a wanna be security analyst... *shrugs*

veritas_libertas

Why not do the CCSP if they won't let you do non-Cisco exams?

dynamik

Pfft, way to crush his hopes Paul.

Paul didn't have the IH/IR resources that I do; I think they actually match the objectives quite well, but only time will tell. I'll probably take a stab at this 4-6 weeks from now. I think any of these exams can be self-studied for. It just comes down to how hard you want to work. If this means that much to you, I'm sure you can git'r done

jahsoul

veritas_libertas wrote: »

Why not CCSP?

I was thinking long and hard about the CCSP and if I really wanted to take it or just get the CCNA:Sec, CCDA, CCNP, and CCDP and focus more on learning about pentesting and "ethical" hacking..so to say. Going the SANS route, I was very interested in specifically the GCIH and GPEN.

And dynamik, he didn't crush any hopes. Just motivated me to work harder and get more money...lol.

jahsoul

I was going over the new handbook today and I think that my employer might pay for it!!! *starts "ready to rule the world" laughter*

Bl8ckr0uter

I wish my job would pay for my certs. I am thinking about self studying for some SANS certs. Starting with GSEC early next year and hopefully doing GCIA/IH before next years end.