SANS challengers group

Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
Besides myself, there are at least two other people here who want to challenge a SANS cert in the coming months. I want to know if anyone is interested in starting a group for those challenging certain certs. My main focuses would be GCIA and GCFW but GWAPT and GPEN also look very tempting. I basically think it would be a cool area for people to keep track of their study materials and suggest study material, like which books they are mapping to what objectives, etc. Possibly even swap notes (not ****, notes they created for the test) and suggest websites, etc. Just a thought. What do you guys think?

Comments

  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Here is what I have so far:

    Amazon.com: The Tao of Network Security Monitoring: Beyond Intrusion Detection (9780321246776): Richard Bejtlich: Books


    Amazon.com: Extrusion Detection: Security Monitoring for Internal Intrusions (9780321349965): Richard Bejtlich: Books

    Amazon.com: Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks (9780596518165): Chris Fry, Martin Nystrom: Books

    Amazon.com: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (9781893939998): Laura Chappell, Gerald Combs: Books

    Amazon.com: The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference (0689145704709): Charles M. Kozierok: Books

    Download details: TCP/IP Fundamentals for Microsoft Windows

    Amazon.com: IPv6 Essentials (9780596100582): Silvia Hagen: Books

    Snort :: Docs
    Manpage of TCPDUMP

    The material for the SCNS also looked promising but it would seem that a person here said that it was crap. There are also a bunch of old books on snort out there but I think that it would be better to just read the user guides and such. Realistically I think 300-400 hours of labbing and reading would be required to challenge one of these certs. I was thinking of labbing up at least 3-4 snort/ids boxes and searching the internet for interesting pcaps.

    I am going to try to see if the people from SNORT will let me review some of their training materials for the snortcp.
  • ibcritnibcritn Member Posts: 340
    Awesome! I am in and I will contribute information soon.

    GIAC GPEN is my goal, but I am also interested in GCFW
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    ibcritn wrote: »
    Awesome! I am in and I will contribute information soon.

    GIAC GPEN is my goal, but I am also interested in GCFW


    Awesome! I am glad to see someone is on board. Hopefully we can get a few more people and this group can really take off.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I might be game for the GCIA. It seems to be a very "core" GIAC cert. If my employer won't be willing to support me for the 503 course, I'll have to consider challenging it since doing it out-of-pocket might not be feasible. I think swapping study notes would be great for cross-reinforcement. Since the GCIA is a bit more narrowly-focused than other GIAC certs (like say the GCFW), it's probably more feasible to challenge it.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    docrice wrote: »
    I might be game for the GCIA. It seems to be a very "core" GIAC cert. If my employer won't be willing to support me for the 503 course, I'll have to consider challenging it since doing it out-of-pocket might not be feasible. I think swapping study notes would be great for cross-reinforcement. Since the GCIA is a bit more narrowly-focused than other GIAC certs (like say the GCFW), it's probably more feasible to challenge it.


    Awesome. How much IDS/IPS experience do you have?

    I do see what you mean about the narrow focus. Some of the certs seem pretty all inclusive (like GCED). The WCNA should help you towards that goal (that's one of the reasons why I'm going for it).
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Oddly enough, I have almost no real experience with intrusion detection even though I've worked with firewalls and VPNs for years. Part of the challenge for me regarding the GCIA is to learn my header offsets and hex so it's second nature. I have a practice test for it in my SANS portal queue that I'm going to try my hand on to see how badly I'm able to fail it right now.

    The GAWN is also a big consideration for me. I took a practice test for it a few weeks ago and got a little under 70% so I know where some of my weak spots are. I might challenge that one as well. If anyone's also interested in the GAWN, it'd be great to share notes.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    docrice wrote: »
    Oddly enough, I have almost no real experience with intrusion detection even though I've worked with firewalls and VPNs for years. Part of the challenge for me regarding the GCIA is to learn my header offsets and hex so it's second nature. I have a practice test for it in my SANS portal queue that I'm going to try my hand on to see how badly I'm able to fail it right now.

    The GAWN is also a big consideration for me. I took a practice test for it a few weeks ago and got a little under 70% so I know where some of my weak spots are. I might challenge that one as well. If anyone's also interested in the GAWN, it'd be great to share notes.


    Why would you go after GCFW if you have so much experience with firewalls?

    GAWN looks pretty hardcore
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I may have some experience with firewalls and VPNs, but that doesn't make me well-versed with the tricks involved in attacking them. I've gone through most of the OnDemand GCFW course so far, and I have to admit it's not as heavy as I expected it to be. It did, however, provide me a lot of additional insight on some areas. That by itself makes it valuable and there are some things I will immediately apply in my work environment after the holidays. In the end, the GCFW would be nice to at least validate my existing knowledge.

    The GAWN (based on my practice exam) isn't so bad if you have existing wireless experience. For example, if you know 802.1X pretty well, that should help greatly.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Interesting. I hope you do go for the GCIA. It would be great to have a different perspective on the objectives.
  • Chris:/*Chris:/* Member Posts: 658 ■■■■■■■■□□
    I will be doing the G7799 and hopefully solidify my subject for my GSEC Gold paper.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Chris:/* wrote: »
    I will be doing the G7799 and hopefully solidify my subject for my GSEC Gold paper.

    The g7799 looks like CISSP. You should do very well. I also look forward to seeing your GSEC gold paper.
  • Chris:/*Chris:/* Member Posts: 658 ■■■■■■■■□□
    The g7799 looks like CISSP. You should do very well. I also look forward to seeing your GSEC gold paper.

    Thanks, yeah G7799 covers the same information just from an auditing perspective. I am currently researching "Production Honeypots and Honeynets" for my GSEC Gold Paper. Thanks for the support.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Chris:/* wrote: »
    Thanks, yeah G7799 covers the same information just from an auditing perspective. I am currently researching "Production Honeypots and Honeynets" for my GSEC Gold Paper. Thanks for the support.


    Honeypots and Honeynets oohh sexy

    I have always been curious about who actually deploys honeypots on production networks. Probably only the big, big boys and the government.
  • Chris:/*Chris:/* Member Posts: 658 ■■■■■■■■□□
    A lot of ISPs do, as well as the big boys, as you pointed out. Only the big boys can afford the lawyers that are the added expense when dealing with them.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Chris:/* wrote: »
    A lot of ISPs do, as well as the big boys, as you pointed out. Only the big boys can afford the lawyers that are the added expense when dealing with them.

    Now I am really curious....

    Why would you require extra lawyers for a honeynet? I mean to me it seems like a proactive measure for learning about and (eventually) defending yourself against attacks. Maybe I am missing something. Guess I'll have to wait for the paper lol. Has your thesis been approved yet?
  • Chris:/*Chris:/* Member Posts: 658 ■■■■■■■■□□
    No, my thesis has not been approved yet; I am doing the pre-research into the domain so I can speed up the actual research for the specific topic.

    Honeypots can be configured to be intelligence gathering, IDS/IPS or even aggressive. In addition they can be considered a form of entrapment if not configured properly. There are a large number of very dynamic problems to consider before an organization ever implements one. This is why many groups just avoid them because they could even create an avenue for hackers to launch attacks from or a major legal hassle.
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    I'll throw my hat in the ring. I hope to challenge GPEN sometime in the near future.
    I bring nothing useful to the table...
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I'll throw my hat in the ring. I hope to challenge GPEN sometime in the near future.

    Awesome lol. I wondered when you were going to show up.
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    Awesome lol. I wondered when you were going to show up.
    lol don't I always?
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    lol don't I always?

    Yes unfortunately. :D


    Do you have a target date in mind? Also do you know what material you are going to use? The OSCP class should have given you a head start.
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    Yes unfortunately. :D


    Do you have a target date in mind? Also do you know what material you are going to use? The OSCP class should have given you a head start.

    I don't have a target date in mind at this moment. I'm kind of playing it by ear. I may actually put in my training form today since I'm just sitting around. I will use the SANS self study material. I don't think I'm going to do OnDemand just due to cost. I have some other stuff I want to do with my training budget as well.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I don't have a target date in mind at this moment. I'm kind of playing it by ear. I may actually put in my training form today since I'm just sitting around. I will use the SANS self study material. I don't think I'm going to do OnDemand just due to cost. I have some other stuff I want to do with my training budget as well.


    Isn't the self study stuff like 3k?
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    Isn't the self study stuff like 3k?
    Yeah after running the numbers I may as well do OnDemand. It's only like $400 more. I should still have enough left over to do my CISSP and maybe CEH.
  • ipchainipchain Member Posts: 297
    Good luck guys. A friend of mine is also doing the GPEN, in fact his exam is next month. I've asked him how he likes it and he is loving it so far.

    GPEN is something I would definitely look at in the near future.
    Every day hurts, the last one kills.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Yeah after running the numbers I may as well do OnDemand. It's only like $400 more. I should still have enough left over to do my CISSP and maybe CEH.


    I keep forgetting you are a baller, there is no way I am paying 3k for a class right now

    I might justify taking the oscp and elearn courses but even the oscp is pretty high.
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    I keep forgetting you are a baller, there is no way I am paying 3k for a class right now

    I might justify taking the oscp and elearn courses but even the oscp is pretty high.

    I'm not baller. I would never pay that much money for a course. My company will throw down the cash for it, that's the difference. I paid for the OSCP course out of my pocket and that was a bit steep for my personal budget lol.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I'm not baller. I would never pay that much money for a course. My company will throw down the cash for it, that's the difference. I paid for the OSCP course out of my pocket and that was a bit steep for my personal budget lol.


    Oh. Well I just need an employer who would do that lol
  • ibcritnibcritn Member Posts: 340
    I'm not baller. I would never pay that much money for a course. My company will throw down the cash for it, that's the difference. I paid for the OSCP course out of my pocket and that was a bit steep for my personal budget lol.

    How much is the OnDemand? I was unsure if I was going to push for it as I have a 6k limit and I have already eaten up about 2.5k between CEH/CISSP.

    I have the GPEN class from 2009, but not sure if I should grab the more updated Ondemand stuff.... sadly, it will be out of my pocket as my 1 graduate level class is eating up 4k
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    The costs of the SelfStudy courses and OnDemand bundles are here:

    https://www.sans.org/registration/register.php?conferenceid=208
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Does anyone know exactly what the online bundles and assessment give you (for 399)?