Post your SANS/GIAC study material recommendations here
I was going to include a section in this forum's FAQ sticky about SANS/GIAC certification study materials recommended by TE's members. But it occurred to me that such a list could grow to be quite large, and that topic really should have its own sticky. Because it will take me some time to sift through all 1000+ posts in this forum to locate and consolidate all of the recommendations, I thought that I would appeal to the members of this forum to post your study material recommendations here. For saving me the time, you will have my undying gratitude.
GSEC - GIAC Security Essentials
GCIH - GIAC Certified Incident Handler
GCIA - GIAC Certified Intrusion Analyst
GPEN - GIAC Penetration Tester
GCFW - GIAC Certified Firewall Analyst
Other Resources SANS Security Training Courses SANS: Network, Information and Computer Security Training Courses SANS Information Security Reading Room SANS: Information Security Reading Room - Computer Security White Papers SANS Institute YouTube channel sansinstitute's Channel - YouTube
GSEC - GIAC Security Essentials
- SANS SECURITY 401 - SANS Security Essentials Bootcamp Style
- http://www.techexams.net/forums/sans-institute-giac-certifications/53986-passed-gsec-today.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/43561-gsec-brain-dead-easy.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/50246-sans-gsec-thoughts-opinions.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/58574-can-you-recommend-some-books-gsec.html
GCIH - GIAC Certified Incident Handler
- SANS SECURITY 504- Hacker Techniques, Exploits & Incident Handling
- SEC504 vs SEC560 FAQ
- Ed Skoudis introduces his class SEC 504 (Security) for the SANS Institute.
- http://www.techexams.net/forums/sans-institute-giac-certifications/30452-sans-gcih.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/50441-gcih-preparation-attempt-log.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/47143-passed-giac-certified-incident-handler-gcih.html
GCIA - GIAC Certified Intrusion Analyst
- SANS SECURITY 503 -Intrusion Detection In-Depth
- http://www.techexams.net/forums/sans-institute-giac-certifications/8732-information-regarding-sans-giac-exams.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/48343-gcia.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/65080-gcia-passed.html
GPEN - GIAC Penetration Tester
GCFW - GIAC Certified Firewall Analyst
Other Resources SANS Security Training Courses SANS: Network, Information and Computer Security Training Courses SANS Information Security Reading Room SANS: Information Security Reading Room - Computer Security White Papers SANS Institute YouTube channel sansinstitute's Channel - YouTube
Comments
-
Q80Crud Member Posts: 23 ■□□□□□□□□□Let's get this started!
I've heard Counter Hack Reloaded by Ed Skoudis is highly recommended for GCIH. -
docrice Member Posts: 1,706 ■■■■■■■■■■For the GCIA, I would recommend becoming familiar with TCP/IP headers and protocol behavior as a start. Note - I haven't read all the material below and I'm just listing them as potential good references:
Wireshark Network Analysis
http://www.amazon.com/Wireshark-Network-Analysis-Official-Certified/dp/1893939995/ref=sr_1_1?ie=UTF8&qid=1312869003&sr=8-1
TCP/IP Illustrated, Volume 1
http://www.amazon.com/TCP-Illustrated-Protocols-Addison-Wesley-Professional/dp/0321336313/ref=sr_1_6?s=books&ie=UTF8&qid=1312869043&sr=1-6
Network Intrusion Detection
http://www.amazon.com/Network-Intrusion-Detection-Stephen-Northcutt/dp/0735712654/ref=sr_1_1?ie=UTF8&qid=1312869808&sr=8-1
Nmap Network Scanning
http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1312869082&sr=8-1
IP / TCP / UDP / ICMP headers
http://nmap.org/book/tcpip-ref.html
RFC 791 (IP)
http://www.faqs.org/rfcs/rfc791.html
RFC 792 (ICMP)
http://www.faqs.org/rfcs/rfc792.html
RFC 793 (TCP)
http://www.faqs.org/rfcs/rfc793.html
RFC 768 (UDP)
http://www.faqs.org/rfcs/rfc768.html
RFC 1034 (DNS)
http://www.faqs.org/rfcs/rfc1034.html
Snort User's Manual
http://www.snort.org/assets/166/snort_manual.pdf
Any material on Tcpdump
http://www.tcpdump.org/tcpdump_man.html
Binary / hex / decimal systems (this is a random page that I chose as an example)
http://www.blaenkdenum.com/2006/09/binary-and-hexadecimal/
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
http://insecure.org/stf/secnet_ids/secnet_ids.html
Mitnick vs. Shimomura
http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack
Honeynet Project Challenges
http://www.honeynet.org/challengesHopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
docrice Member Posts: 1,706 ■■■■■■■■■■For the GCFW, here's a partial list of things to check out (I haven't read all of these, but they seem promising):
Inside Network Perimeter Security
http://www.amazon.com/Inside-Network-Perimeter-Security-2nd/dp/0672327376
iptables
http://wiki.centos.org/HowTos/Network/IPTables
Cisco access-lists
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
Wireshark Network Analysis
http://www.amazon.com/Wireshark-Netw...2869003&sr=8-1
TCP/IP Illustrated, Volume 1
http://www.amazon.com/TCP-Illustrate...2869043&sr=1-6
Nmap Network Scanning
http://www.amazon.com/Nmap-Network-S...2869082&sr=8-1
IP / TCP / UDP / ICMP headers
http://nmap.org/book/tcpip-ref.html
RFC 791 (IP)
http://www.faqs.org/rfcs/rfc791.html
RFC 792 (ICMP)
http://www.faqs.org/rfcs/rfc792.html
RFC 793 (TCP)
http://www.faqs.org/rfcs/rfc793.html
RFC 768 (UDP)
http://www.faqs.org/rfcs/rfc768.html
RFC 1034 (DNS)
http://www.faqs.org/rfcs/rfc1034.html
Any material on Tcpdump
http://www.tcpdump.org/tcpdump_man.html
Binary / hex / decimal systems (this is a random page that I chose as an example)
http://www.blaenkdenum.com/2006/09/b...d-hexadecimal/
Mitnick vs. Shimomura
http://wiki.cas.mcmaster.ca/index.ph...Mitnick_attackHopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
Chris:/* Member Posts: 658 ■■■■■■■■□□For the G2700 I used the following study material all of which I found viable for the exam.
Study Material:
IT Governance A Manager's Guide to Data Security and ISO 27001 / ISO 27002
Amazon.com: IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002 (9780749452711): Alan Calder, Steve Watkins: Books
How to Achieve 27001 Certification: An Example of Applied Compliance Management
Amazon.com: How to Achieve 27001 Certification: An Example of Applied Compliance Management (9780849336485): Sigurjon Thor Arnason, Keith D. Willett: Books
CISSP All-in-One Exam Guide
Amazon.com: CISSP All-in-One Exam Guide, Fifth Edition (9780071602174): Shon Harris: Books
Information Security Management Handbook
Buy Information Security Management Handbook by Harold F. Tipton, Micki Krause Used from Barnes & Noble
Information Security Management Handbook Volume 2
Amazon.com: Information Security Management Handbook, Sixth Edition, Volume 2 (978142006708: Harold F. Tipton, Micki Krause: Books
CERT VTE CISSP Videos
ISO/IEC 27000
ISO/IEC 27002:2005Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
docrice Member Posts: 1,706 ■■■■■■■■■■I wish I could recommend a small set of books and other resources specifically for the GSEC, but since the coverage is so vast (even at a basic level) it's hard to pin it down to a few. Since it's often compared to the CISSP, one might assume that one of the CISSP books would be a good start, but I wouldn't necessarily say so (although it certainly doesn't hurt and provides good foundations).
Another way to approach it would be to start with the topics that Security+ covers and take each section to the next level. Make a list of the differences between what the coverage from that and the GSEC is and go from there. Then add on some Windows and Unix-specific books (such as the Hacking Exposed series for Windows and Linux).Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
Chris:/* Member Posts: 658 ■■■■■■■■□□Any recommendations for the GSEC?
I am writing this list up to cover anyone who wants to take the certification so if you have already read through any of this material you should be good to go.
I would recommend Linux+ study material such as the new All-in-one:
http://www.amazon.com/LPIC-1-CompTIA-Certification-LX0-101-LX0-102/dp/0071771573/ref=sr_1_1?ie=UTF8&qid=1318723418&sr=8-1
For the Windows knowledge requirements I would look at:
Amazon.com: MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft® Windows Server(TM) 2003 Environment, Second Edition (9780735622890): Dan Holme, Orin Thomas: Books
For the security requirements:
http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-201/dp/1439236364/ref=sr_1_1?ie=UTF8&qid=1318723593&sr=8-1
To get an overview of some of the tools out there:
http://www.amazon.com/CEH-Prep-Guide-Comprehensive-Certified/dp/0470135921/ref=sr_1_5?ie=UTF8&qid=1318723622&sr=8-5
For the basics of networking before diving to deep you should read ICND1:
http://www.amazon.com/CCENT-ICND1-Official-Certification-Guide/dp/1587201828/ref=sr_1_1?s=books&ie=UTF8&qid=1318724497&sr=1-1
The only books I know of that shows how networking works concisely from the engineering perspective was TCP/IP Illustrated. A new version of the books material is supposed to be covered in one book called The Illustrated Network (which I have not yet read). As I understand it is more entry level compared to the older books. That book should better fit the objectives of the GSEC as the TCP/IP Illustrated set would be overkill.
TCP/IP Illustrated all 3 volumes:
Amazon.com: TCP/IP Illustrated (3 Volume Set) (0785342776317): W. Richard Stevens, Gary R. Wright: Books
The Illustrated Network:
http://www.amazon.com/Illustrated-Network-Modern-Kaufmann-Networking/dp/0123745411/ref=wl_it_dp_o_npd?ie=UTF8&coliid=I18XXF1JILWI1D&colid=2BPLS3TKW2NU9Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
wiredwizard Member Posts: 1 ■□□□□□□□□□Any advice on study material other then SANS for GPEN or GWAPT?
Morgan Todd ~ Memphis, Tn -
dover Member Posts: 184 ■■■■□□□□□□I didn't see it mentioned elsewhere but for GSEC you may want to check out the latest version of the Network Security Bible by Eric Cole. From my understanding Cole helped build and teach the SANS GSEC course. I haven't taken the GSEC myself, but from what I've heard this book could be very useful - especially when combined with some of the other suggestions from Chris:/*
http://www.amazon.com/Network-Security-Bible-Eric-Cole/dp/0470502495 -
l!ght Member Posts: 48 ■■□□□□□□□□How current are these sources? I mean Tao is from 2004, NSB is from 2009. Is it still worth it to buy them?Jesus saves!
-
JDMurray Admin Posts: 13,099 Admin
-
docrice Member Posts: 1,706 ■■■■■■■■■■While not necessarily study material for the GIAC exams, the Gold papers submitted by SANS students / GIAC certification holders might be a good resource for general infosec topics.
http://www.giac.org/certified-professionals/directory/latest-papersHopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
isairamm Registered Users Posts: 2 ■□□□□□□□□□Hi am planning to take GCFW cert, I read about the links that were mentioned below will that suffice or anything else is required to get through the exam.
Please help me in this regard.For the GCFW, here's a partial list of things to check out (I haven't read all of these, but they seem promising):
Inside Network Perimeter Security
Amazon.com: Inside Network Perimeter Security (2nd Edition) (9780672327377): Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent, Ronald W. Ritchey: Books
iptables
HowTos/Network/IPTables - CentOS Wiki
Cisco access-lists
Configuring IP Access Lists - Cisco Systems
Wireshark Network Analysis
http://www.amazon.com/Wireshark-Netw...2869003&sr=8-1
TCP/IP Illustrated, Volume 1
http://www.amazon.com/TCP-Illustrate...2869043&sr=1-6
Nmap Network Scanning
http://www.amazon.com/Nmap-Network-S...2869082&sr=8-1
IP / TCP / UDP / ICMP headers
TCP/IP Reference
RFC 791 (IP)
RFC 791 - Internet Protocol (RFC791)
RFC 792 (ICMP)
RFC 792 - Internet Control Message Protocol (RFC792)
RFC 793 (TCP)
RFC 793 - Transmission Control Protocol (RFC793)
RFC 768 (UDP)
RFC 768 - User Datagram Protocol (RFC76
RFC 1034 (DNS)
RFC 1034 - Domain names - concepts and facilities (RFC1034)
Any material on Tcpdump
Manpage of TCPDUMP
Binary / hex / decimal systems (this is a random page that I chose as an example)
http://www.blaenkdenum.com/2006/09/b...d-hexadecimal/
Mitnick vs. Shimomura
http://wiki.cas.mcmaster.ca/index.ph...Mitnick_attack -
SephStorm Member Posts: 1,731 ■■■■■■■□□□With my latest topic going the way it is, I wanted to ask, resources for the non traditional GIACs? GCED, GCWN (the windows, not wireless), GCUX?
-
docrice Member Posts: 1,706 ■■■■■■■■■■Just came across this for those looking at the GCIH:
http://www.insecurityasylum.com/2012/05/gcih-study-plan.htmlHopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
JDMurray Admin Posts: 13,099 AdminThat gives me great idea! I'm in the SANS 401 course in San Diego in a couple of weeks. I should do a similar blog articles linking to resources people can use as a pre-study plan for SANS 401 and the GIAC GSEC. I might be able to do the same for SANS 501/GIAC GCED too. I'll update this post with links to those articles.
-
flt0nujr Member Posts: 65 ■■■□□□□□□□That would be awesome JD!!!B.S Information Technology Telecommunications
A.S Network Server Administration
M.S Information Security Management (expected 2014-2015) -
docrice Member Posts: 1,706 ■■■■■■■■■■Here's a blog post from a former member here who successfully challenged the GWAPT exam:
https://www.infosiege.net/2012/04/gwapt-challenge-review/Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
JDMurray Admin Posts: 13,099 AdminAnd speaking of challenging GIAC exams, I just confirmed with GIAC that a challenge exam is also "open book, open notes" just like a GIAC exam taken after attending SAN training. No electronics are allowed in either, so it's one bag of only books and hardcopy for all candidates.
Something else I need to put into the FAQ is that the $999US GIAC challenge exam price is reduced to $799US if you are a SANS alumni (that is, having attended a SANS training class and passed the associated GIAC exam). -
ChooseLife Member Posts: 941 ■■■■■■■□□□And speaking of challenging GIAC exams, I just confirmed with GIAC that a challenge exam is also "open book, open notes" just like a GIAC exam taken after attending SAN training. No electronics are allowed in either, so it's one bag of only books and hardcopy for all candidates.Something else I need to put into the FAQ is that the $999US GIAC challenge exam price is reduced to $799US if you are a SANS alumni (that is, having attended a SANS training class and passed the associated GIAC exam).
I found the official statement and it looks confusing (highlights are mine):
GIAC Exam Challenge InfoGIAC Exam Challenge is for subject matter experts who wish to attempt a certification exam without taking the associated SANS training course.
...
There is a SANS alumni rate for anyone who has previously taken the SANS training course associated with the certification exam they wish to challenge. For example, if you previously took SANS SEC401 (Security Essentials) through any of the SANS training venues, you would be eligible to purchase the GSEC Challenge Exam at the discounted alumni rate of $799.“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
GetCertified4Less - discounted vouchers for certs -
JDMurray Admin Posts: 13,099 AdminI understood that a SANS Alumni is anyone who has taken a SANS training course and passed the corresponding GIAC exam. When I saw the term SANS Alumni associated with pricing of GIAC challenge exams, I assumed this was the same thing.
Per their example, if I have taken SANS 401, why would I need to challenge the GSEC exam? Taking 401 is the prerequisite for taking the GSEC. Maybe there is a time limit on how long after taking a SANS class you have to take the GIAC exam.
I'll check with GIAC about all this and post back. -
ipchain Member Posts: 297Per their example, if I have taken SANS 401, why would I need to challenge the GSEC exam? Taking 401 is the prerequisite for taking the GSEC. Maybe there is a time limit on how long after taking a SANS class you have to take the GIAC exam.
Unless things have changed, students have about (4) months to take the corresponding GIAC exam from the moment they are provided with the course material. Should you need additional time, you can always extend the deadline for a fee, which is way cheaper than the Alumni discount.
Not sure if this will help or not, but I bought one of their courses through one of the traditional training venues and decided not to pay for the certification attempt at the time. This is not typically a smart move as it's cheaper to pay for the certification attempt once you are registering, but I had no intention of pursuing this specific cert. Although I lost the opportunity to save about $200 USD, I can still request the Alumni discount in the future should I change my mind.Every day hurts, the last one kills. -
JDMurray Admin Posts: 13,099 AdminOK, the official clarification is:
- After completing a SANS training class, the student is given a four month deadline to pass the corresponding GIAC exam.
- If the exam is not passed within this time, the student can purchase a 45-day deadline extension before the deadline passes.
- If the exam deadline passes and was not extended, the student can challenge the exam at a SANS Alumni discount for having taken the corresponding SANS class. (I didn't ask for how long after the deadline the discount will be honored.)
- The SANS Alumni discount only applies to challenging a GIAC exam corresponding to a SANS class previously taken by the alumni and after the deadline has passed with no extension taken.
All that just to see how to save $200US. -
ChooseLife Member Posts: 941 ■■■■■■■□□□4.The SANS Alumni discount only applies to challenging a GIAC exam corresponding to a SANS class previously taken by the alumni and after the deadline has passed with no extension taken.
Getting ready for San Diego?“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
GetCertified4Less - discounted vouchers for certs -
uyen_nguyen Member Posts: 32 ■■□□□□□□□□For GAWN (Auditing Wireless Network), I used:
Zigbee Wireless Networking by Drew Gislason
Hacking Exposed Wireless, Second Editionby Cache / Liu / Wright (must have this book because Wright is course author of GAWN)
CWAP Certified Wireless Analysis Professional Official Study Guide: Exam PW0-270 (CWNP Official Study Guides)by David A. Westcott, David D. Coleman, Ben Miller, Peter Mackenzie
CWDP Certified Wireless Design Professional Official Study Guide: Exam PW0-250 (Study Guide Pw0-250) by Shawn M. Jackman, Matt Swartz, Marcus Burton, Thomas W. Head
CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204 (CWNP Official Study Guides)by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman
CWNA: Certified Wireless Network Administrator Official Study Guide: Exam PW0-105by David D. Coleman, David A. Westcott
And other material from Cisco wireless forumEnglish is my second language. My apology for my grammar errors. -
uyen_nguyen Member Posts: 32 ■■□□□□□□□□For GWAPT, I am using:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws [Paperback]
Dafydd Stuttard (Author), Marcus Pinto (Author)
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition [Paperback]
Joel Scambray (Author), Vincent Liu (Author), Caleb Sima (Author)
SQL Injection Attacks and Defense, Second Edition [Paperback]
Justin Clarke (Author), Kevvie Fowler (Contributor)
Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' [Paperback]
Mario Heiderich (Author), Eduardo Alberto Vela Nava (Author), Gareth Heyes (Author), David Lindsay (Author)
XSS Attacks: Cross Site Scripting Exploits and Defense [Paperback]
Seth Fogie (Author), Jeremiah Grossman (Author), Robert Hansen (Author), Anton Rager (Author), Petko D. Petkov (Author)
bunch of javascript, PHP, HTML5, Python knowledge and ton of video available on youtube.
Javascript by Example 2nd is an excellend resource for Javascript in the Programming Fundamental objective.
(I will update more as I m studying for GWAPT)English is my second language. My apology for my grammar errors. -
Jurgenius Member Posts: 3 ■□□□□□□□□□OK, the official clarification is:
- After completing a SANS training class, the student is given a four month deadline to pass the corresponding GIAC exam.
- If the exam is not passed within this time, the student can purchase a 45-day deadline extension before the deadline passes.
- If the exam deadline passes and was not extended, the student can challenge the exam at a SANS Alumni discount for having taken the corresponding SANS class. (I didn't ask for how long after the deadline the discount will be honored.)
- The SANS Alumni discount only applies to challenging a GIAC exam corresponding to a SANS class previously taken by the alumni and after the deadline has passed with no extension taken.
All that just to see how to save $200US.
JDMurray,
Do you know perhaps whether taking OnDemand, vLive or Self-Study training will allow for the lower certification price $579?
Regards,
J. -
JDMurray Admin Posts: 13,099 AdminYes, US$579 is curently the GIAC exam price if you sign up to take the exam when you purchase the classroom, vLive, and OnDemand training. For self-study, the exam challenge cost is US$999.
-
Jurgenius Member Posts: 3 ■□□□□□□□□□Yes, US$579 is curently the GIAC exam price if you sign up to take the exam when you purchase the classroom, vLive, and OnDemand training. For self-study, the exam challenge cost is US$999.
Thanks for the post!
J. -
LionelTeo Member Posts: 526 ■■■■■■■□□□Here is a list of books written by GIAC Instructors/Students/or people who have taken and pass GIAC Exams before.
Note: I never said you would definitely pass base on these books, however, their content would be good enough to probably help you to get at least a pass in their training materials. You should buy a practice test at one of their site so as the gauge yourself if you are ready for the real exam. You should also actively scout yourself for other online resources that may aid you in the exam, a couple of others have post them in the forum. Please do not blame me if you cannot pass the exams, this are just recommendations from me out of good will.
I compile this list for my future usage to reinforce my concepts, meaning I haven't had the time to read them before.
GCIH
Counter Hack Reloaded (Ed Skoudis, SANS Instructor for GCIH)
Hacker Techniques, Tools, and Incident Handling (Jones & Bartlett Learning Information Systems Security & Assurance Series)
Incident Response and Computer Forensics, Second Edition
CISSP Study Guide (2nd Edition) (Eric Conrad)
Page 329-331 (Incident Response Management)
Chapter 10: Domain 9: Legal
Cyber Laws for Europe/UK/US/Singapore/Japan/Germany and other countries Found Online
Virtualisation Escape materials found online
GAWN
Hacking Exposed Wireless (Joshua Wright, SANS Instructor for GAWN)
Exam Note: Never took the exam with this book before
GISP
CISSP Study Guide 2nd Edition (Eric Conrad, SANS Instructor for GISP)
Exam Note: I pass 76% with this book alone
GCIA
Practical Packet Analysis (Chris Sanders)
Wireshark Network Analysis (Non GIAC Related)
Network Intrustion Detection (Stephen Northcutt)
Inside Network Perimeter Security (Stephen Northcutt)
Intrusion Signature and Analysis (Stephen Northcutt)
Internet Core Protocols
Books Recommended by Stephen Northcutt (See the reviews)
The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Tao of Security Monitoring
Extrusion Detection: Security Monitoring for Internal Intrusions
Latest Snort Manual: SNORT Users Manual 2.9.5 *Some questions answers can be found in Snort Manual
Exam Warning: There is a section on the exam that ask about the latest technology and detection tools. You cannot find them in any of the books. Neither it is easy to find them online.
GSEC
Having study CISSP, the recommendation I can give in regards to GSEC, it is about 8 domains from CISSP and another two books of GSEC are windows and unix related.
CISSP Study Guide (2nd Edition) (Eric Conrad)
- Minus Hardware Architecture
- Minus Software Development
Network Security Bible (Eric Cole) *Someone reviewed on the Amazon page that they use it along for GSEC course
-Microsoft® Windows® Security Resource Kit
- Linux Administration: A Beginner's Guide, Fifth Edition
GCFA
Please see, An Eye on Forensics: Studying for the GCFA certification: Part 1
Most from the list is prepared for myself to challenge the GSE Exam, but some is prepared for additional reading if I have the interest in the future to branch into those field. I will be preparing for my GSE after my OSCP. I intend to use the experience from OSCP to cover part of the GSE hands on lab domain.
Not Sure where to place this
Advance Persistent Threat (Eric Cole)