Post your SANS/GIAC study material recommendations here
I was going to include a section in this forum's FAQ sticky about SANS/GIAC certification study materials recommended by TE's members. But it occurred to me that such a list could grow to be quite large, and that topic really should have its own sticky. Because it will take me some time to sift through all 1000+ posts in this forum to locate and consolidate all of the recommendations, I thought that I would appeal to the members of this forum to post your study material recommendations here. For saving me the time, you will have my undying gratitude. 

GSEC - GIAC Security Essentials
- SANS SECURITY 401 - SANS Security Essentials Bootcamp Style
- http://www.techexams.net/forums/sans-institute-giac-certifications/53986-passed-gsec-today.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/43561-gsec-brain-dead-easy.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/50246-sans-gsec-thoughts-opinions.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/58574-can-you-recommend-some-books-gsec.html
GCIH - GIAC Certified Incident Handler
- SANS SECURITY 504 - Hacker Techniques, Exploits & Incident Handling
- SEC504 vs SEC560 FAQ
- Ed Skoudis introduces his class SEC 504 (Security) for the SANS Institute.
- http://www.techexams.net/forums/sans-institute-giac-certifications/30452-sans-gcih.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/50441-gcih-preparation-attempt-log.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/47143-passed-giac-certified-incident-handler-gcih.html
GCIA - GIAC Certified Intrusion Analyst
- SANS SECURITY 503 - Intrusion Detection In-Depth
- http://www.techexams.net/forums/sans-institute-giac-certifications/8732-information-regarding-sans-giac-exams.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/48343-gcia.html
- http://www.techexams.net/forums/sans-institute-giac-certifications/65080-gcia-passed.html
GPEN - GIAC Penetration Tester
GCFW - GIAC Certified Firewall Analyst
Other Resources
- SANS Security Training Courses (SANS: Network, Information and Computer Security Training Courses)
- SANS Information Security Reading Room (SANS: Information Security Reading Room - Computer Security White Papers)
- SANS Institute YouTube channel (sansinstitute's Channel - YouTube)
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Comments
I've heard Counter Hack Reloaded by Ed Skoudis is highly recommended for GCIH.
Wireshark Network Analysis
http://www.amazon.com/Wireshark-Network-Analysis-Official-Certified/dp/1893939995/ref=sr_1_1?ie=UTF8&qid=1312869003&sr=8-1
TCP/IP Illustrated, Volume 1
http://www.amazon.com/TCP-Illustrated-Protocols-Addison-Wesley-Professional/dp/0321336313/ref=sr_1_6?s=books&ie=UTF8&qid=1312869043&sr=1-6
Network Intrusion Detection
http://www.amazon.com/Network-Intrusion-Detection-Stephen-Northcutt/dp/0735712654/ref=sr_1_1?ie=UTF8&qid=1312869808&sr=8-1
Nmap Network Scanning
http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1312869082&sr=8-1
IP / TCP / UDP / ICMP headers
http://nmap.org/book/tcpip-ref.html
RFC 791 (IP)
http://www.faqs.org/rfcs/rfc791.html
RFC 792 (ICMP)
http://www.faqs.org/rfcs/rfc792.html
RFC 793 (TCP)
http://www.faqs.org/rfcs/rfc793.html
RFC 768 (UDP)
http://www.faqs.org/rfcs/rfc768.html
RFC 1034 (DNS)
http://www.faqs.org/rfcs/rfc1034.html
Snort User's Manual
http://www.snort.org/assets/166/snort_manual.pdf
Any material on Tcpdump
http://www.tcpdump.org/tcpdump_man.html
Binary / hex / decimal systems (this is a random page that I chose as an example)
http://www.blaenkdenum.com/2006/09/binary-and-hexadecimal/
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
http://insecure.org/stf/secnet_ids/secnet_ids.html
Mitnick vs. Shimomura
http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack
Honeynet Project Challenges
http://www.honeynet.org/challenges
Inside Network Perimeter Security
http://www.amazon.com/Inside-Network-Perimeter-Security-2nd/dp/0672327376
iptables
http://wiki.centos.org/HowTos/Network/IPTables
Cisco access-lists
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
Study Material:
IT Governance A Manager's Guide to Data Security and ISO 27001 / ISO 27002
Amazon.com: IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002 (9780749452711): Alan Calder, Steve Watkins: Books
How to Achieve 27001 Certification: An Example of Applied Compliance Management
Amazon.com: How to Achieve 27001 Certification: An Example of Applied Compliance Management (9780849336485): Sigurjon Thor Arnason, Keith D. Willett: Books
CISSP All-in-One Exam Guide
Amazon.com: CISSP All-in-One Exam Guide, Fifth Edition (9780071602174): Shon Harris: Books
Information Security Management Handbook
Buy Information Security Management Handbook by Harold F. Tipton, Micki Krause Used from Barnes & Noble
Information Security Management Handbook Volume 2
Amazon.com: Information Security Management Handbook, Sixth Edition, Volume 2 (978142006708
CERT VTE CISSP Videos
ISO/IEC 27000
ISO/IEC 27002:2005
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology
Another way to approach it would be to start with the topics that Security+ covers and take each section to the next level. Make a list of the differences between the coverage of that and the GSEC and go from there. Then add on some Windows and Unix-specific books (such as the Hacking Exposed series for Windows and Linux).
I am writing this list up to cover anyone who wants to take the certification so if you have already read through any of this material you should be good to go.
I would recommend Linux+ study material such as the new All-in-one:
http://www.amazon.com/LPIC-1-CompTIA-Certification-LX0-101-LX0-102/dp/0071771573/ref=sr_1_1?ie=UTF8&qid=1318723418&sr=8-1
For the Windows knowledge requirements I would look at:
Amazon.com: MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft® Windows Server(TM) 2003 Environment, Second Edition (9780735622890): Dan Holme, Orin Thomas: Books
For the security requirements:
http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-201/dp/1439236364/ref=sr_1_1?ie=UTF8&qid=1318723593&sr=8-1
To get an overview of some of the tools out there:
http://www.amazon.com/CEH-Prep-Guide-Comprehensive-Certified/dp/0470135921/ref=sr_1_5?ie=UTF8&qid=1318723622&sr=8-5
For the basics of networking before diving too deep you should read ICND1:
http://www.amazon.com/CCENT-ICND1-Official-Certification-Guide/dp/1587201828/ref=sr_1_1?s=books&ie=UTF8&qid=1318724497&sr=1-1
The only books I know of that show how networking works concisely from the engineering perspective were TCP/IP Illustrated. A new version of the books' material is supposed to be covered in one book called The Illustrated Network (which I have not yet read). As I understand it, it is more entry level compared to the older books. That book should better fit the objectives of the GSEC, as the TCP/IP Illustrated set would be overkill.
TCP/IP Illustrated all 3 volumes:
Amazon.com: TCP/IP Illustrated (3 Volume Set) (0785342776317): W. Richard Stevens, Gary R. Wright: Books
The Illustrated Network:
http://www.amazon.com/Illustrated-Network-Modern-Kaufmann-Networking/dp/0123745411/ref=wl_it_dp_o_npd?ie=UTF8&coliid=I18XXF1JILWI1D&colid=2BPLS3TKW2NU9
Morgan Todd ~ Memphis, Tn
http://www.amazon.com/Network-Security-Bible-Eric-Cole/dp/0470502495
SANS Information Security Resources
http://www.giac.org/certified-professionals/directory/latest-papers
Please help me in this regard.
http://www.insecurityasylum.com/2012/05/gcih-study-plan.html
A.S Network Server Administration
M.S Information Security Management (expected 2014-2015)
https://www.infosiege.net/2012/04/gwapt-challenge-review/
Something else I need to put into the FAQ is that the $999US GIAC challenge exam price is reduced to $799US if you are a SANS alumni (that is, having attended a SANS training class and passed the associated GIAC exam).
I found the official statement and it looks confusing (highlights are mine):
GIAC Exam Challenge Info
How do you understand it?
GetCertified4Less - discounted vouchers for certs
Per their example, if I have taken SANS 401, why would I need to challenge the GSEC exam? Taking 401 is the prerequisite for taking the GSEC. Maybe there is a time limit on how long after taking a SANS class you have to take the GIAC exam.
I'll check with GIAC about all this and post back.
Unless things have changed, students have about (4) months to take the corresponding GIAC exam from the moment they are provided with the course material. Should you need additional time, you can always extend the deadline for a fee, which is way cheaper than the Alumni discount.
Not sure if this will help or not, but I bought one of their courses through one of the traditional training venues and decided not to pay for the certification attempt at the time. This is not typically a smart move as it's cheaper to pay for the certification attempt once you are registering, but I had no intention of pursuing this specific cert. Although I lost the opportunity to save about $200 USD, I can still request the Alumni discount in the future should I change my mind.
All that just to see how to save $200US.
Getting ready for San Diego?
Zigbee Wireless Networking by Drew Gislason
Hacking Exposed Wireless, Second Edition by Cache / Liu / Wright (must have this book because Wright is course author of GAWN)
CWAP Certified Wireless Analysis Professional Official Study Guide: Exam PW0-270 (CWNP Official Study Guides) by David A. Westcott, David D. Coleman, Ben Miller, Peter Mackenzie
CWDP Certified Wireless Design Professional Official Study Guide: Exam PW0-250 (Study Guide Pw0-250) by Shawn M. Jackman, Matt Swartz, Marcus Burton, Thomas W. Head
CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204 (CWNP Official Study Guides) by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman
CWNA: Certified Wireless Network Administrator Official Study Guide: Exam PW0-105 by David D. Coleman, David A. Westcott
And other material from Cisco wireless forum
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws [Paperback]
Dafydd Stuttard (Author), Marcus Pinto (Author)
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition [Paperback]
Joel Scambray (Author), Vincent Liu (Author), Caleb Sima (Author)
SQL Injection Attacks and Defense, Second Edition [Paperback]
Justin Clarke (Author), Kevvie Fowler (Contributor)
Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' [Paperback]
Mario Heiderich (Author), Eduardo Alberto Vela Nava (Author), Gareth Heyes (Author), David Lindsay (Author)
XSS Attacks: Cross Site Scripting Exploits and Defense [Paperback]
Seth Fogie (Author), Jeremiah Grossman (Author), Robert Hansen (Author), Anton Rager (Author), Petko D. Petkov (Author)
A bunch of JavaScript, PHP, HTML5, Python knowledge and a ton of videos available on YouTube.
Javascript by Example 2nd is an excellent resource for JavaScript in the Programming Fundamental objective.
(I will update more as I'm studying for GWAPT)
JDMurray,
Do you know perhaps whether taking OnDemand, vLive or Self-Study training will allow for the lower certification price $579?
Regards,
J.
Thanks for the post!
J.
Note: I never said you would definitely pass based on these books; however, their content would be good enough to probably help you to get at least a pass in their training materials. You should buy a practice test at one of their sites so as to gauge yourself if you are ready for the real exam. You should also actively scout for other online resources yourself that may aid you in the exam; a couple of others have posted them in the forum. Please do not blame me if you cannot pass the exams; these are just recommendations from me out of good will.
I compiled this list for my future usage to reinforce my concepts, meaning I haven't had the time to read them before.
GCIH
Counter Hack Reloaded (Ed Skoudis, SANS Instructor for GCIH)
Hacker Techniques, Tools, and Incident Handling (Jones & Bartlett Learning Information Systems Security & Assurance Series)
Incident Response and Computer Forensics, Second Edition
CISSP Study Guide (2nd Edition) (Eric Conrad)
Page 329-331 (Incident Response Management)
Chapter 10: Domain 9: Legal
Cyber Laws for Europe/UK/US/Singapore/Japan/Germany and other countries Found Online
Virtualisation Escape materials found online
GAWN
Hacking Exposed Wireless (Joshua Wright, SANS Instructor for GAWN)
Exam Note: Never took the exam with this book before
GISP
CISSP Study Guide 2nd Edition (Eric Conrad, SANS Instructor for GISP)
Exam Note: I passed with 76% with this book alone
GCIA
Practical Packet Analysis (Chris Sanders)
Wireshark Network Analysis (Non GIAC Related)
Network Intrusion Detection (Stephen Northcutt)
Inside Network Perimeter Security (Stephen Northcutt)
Intrusion Signature and Analysis (Stephen Northcutt)
Internet Core Protocols
Books Recommended by Stephen Northcutt (See the reviews)
The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Tao of Security Monitoring
Extrusion Detection: Security Monitoring for Internal Intrusions
Latest Snort Manual: SNORT Users Manual 2.9.5 *Some questions' answers can be found in the Snort Manual
Exam Warning: There is a section on the exam that asks about the latest technology and detection tools. You cannot find them in any of the books. Nor is it easy to find them online.
GSEC
Having studied CISSP, the recommendation I can give in regard to GSEC is that it is about 8 domains from CISSP, and another two books of GSEC are Windows and Unix related.
CISSP Study Guide (2nd Edition) (Eric Conrad)
- Minus Hardware Architecture
- Minus Software Development
Network Security Bible (Eric Cole) *Someone reviewed on the Amazon page that they use it along for GSEC course
- Microsoft® Windows® Security Resource Kit
- Linux Administration: A Beginner's Guide, Fifth Edition
GCFA
Please see, An Eye on Forensics: Studying for the GCFA certification: Part 1
Most of the list is prepared for myself to challenge the GSE Exam, but some is prepared for additional reading if I have the interest in the future to branch into those fields. I will be preparing for my GSE after my OSCP. I intend to use the experience from OSCP to cover part of the GSE hands-on lab domain.
Not sure where to place this
Advanced Persistent Threat (Eric Cole)