Post your SANS/GIAC study material recommendations here

I was going to include a section in this forum's FAQ sticky about SANS/GIAC certification study materials recommended by TE's members. But it occurred to me that such a list could grow to be quite large, and that topic really should have its own sticky. Because it will take me some time to sift through all 1000+ posts in this forum to locate and consolidate all of the recommendations, I thought that I would appeal to the members of this forum to post your study material recommendations here. For saving me the time, you will have my undying gratitude.

GSEC - GIAC Security Essentials

GCIH - GIAC Certified Incident Handler

GCIA - GIAC Certified Intrusion Analyst

GPEN - GIAC Penetration Tester

SANS SECURITY 560 - Network Penetration Testing and Ethical Hacking

GCFW - GIAC Certified Firewall Analyst

http://www.techexams.net/forums/sans-institute-giac-certifications/10850-how-i-passed-gcfw.html

Other Resources SANS Security Training Courses SANS: Network, Information and Computer Security Training Courses SANS Information Security Reading Room SANS: Information Security Reading Room - Computer Security White Papers SANS Institute YouTube channel sansinstitute's Channel - YouTube

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

trio

Thanks LionelTeo!

Blessmewithgrace1

sounds good..

LionelTeo

A new book I had found recently is The Hacker Playbook: Practical Guide To Penetration Testing: Peter Kim: 9781494932633: Amazon.com: Books by an Author with GXPN, of course this would not be sufficient enough to undertake GXPN. GXPN require a mixture knowledge of Scapy, Sully Framework, Windows and Linux Stack Smashing, GDB debugger and windows debugger, Python. This can be covered with Violent Python (Written by a GSE, OCSE), The Art Of Hacking by Jon Erickson, Shellcoders Handbook, and the Sulley framework manual. I will give it an attempt in the future (but not so soon), if I can cleared my GSE. GXPN and OCSE are probably my top choice of certs.

Amazon also had great tons of other books, I saw one for malware reverse engineering (GREM, anyone?) and other great stuff. If your totally new to GIAC exam, you may want to go for a course and see how the exam goes, but once your familiar with the exam environment, I am pretty sure you can net those without going for course; most importantly, spend a 15 to 30 mins everyday to read something.

GCIH is probably the easiest to challenge, given the syllabus to so similar to CEH with the exception of incident handling being omitted out, if you can pass CEH by studying yourself, GCIH should be no problem.I highly recommend to challenge yourself for a start, once you passed the first challenge, you will you can undertake more challenge, and then your certification choice would open up to a lot from GIAC. Of course do remember to give back to the organization by recommending your company to send your fellow mate for GIAC course

:P Good luck for those who intend to try. Remember, its not about the failure, its about not giving up!

LionelTeo

I had updated the previous mention book list here!
http://www.techexams.net/forums/sans-institute-giac-certifications/100210-giac-certifications.html

SephStorm

I was just reviewing this, I don't believe I see any GPEN material here. I'll post this, reposted from LionelTeo:

GPEN (Take After GCIH) (Requires: Projecting Scoping, Scanning Fast, Pivoting, Command Prompts Scanning) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Advanced Penetration Testing Guide for Highly Secured Enviroment (the ultimate security guide) Metasploit: The Penetration Tester Guide The Hackers Playbook

LionelTeo

GCIH Additional Notes
http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook_33901

http://www.blueteamhandbook.com/about.html

Revised GCIA Matrials
Practical Packet Analysis (Chris Sanders)
Network Intrustion Detection (Stephen Northcutt)
Inside Network Perimeter Security (Stephen Northcutt)

Books Recommended by Stephen Northcutt (See the reviews)
The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Latest Snort Manual: SNORT Users Manual 2.9.5

Higgsx

Some user posted about GCIH certification preparation material but it seems very old books and I think isn't much.
What other books are good for the GCIH preparation?

I thought about these books:
1. Hacking: The art of exploitation
2. penetration testing hands on introduction to hacking.

any suggestions?

P.S I' planning to take GCIH exam in about 4-5 month.

SaSkiller

Just adding this in:

GREM: Practical Malware Analysis

LionelTeo

Hacking: The art of exploitation is about debugging/shell code and buffer overflowing the stack manually. I had the book and read through it, it is more for GXPN material. For GCIH, still counter hack reloaded for stuff that didn't change in this 10 years, hacking exposed latest version to cover latest attack technique. Google everything else while taking the two free practice test that comes with buying the actual exam.

SaSkiller

Anything for GCFE? Saw someone ask online, we don't have anything.

ramrunner800

SaSkiller wrote: »

Anything for GCFE? Saw someone ask online, we don't have anything.

For GCFE I would recommend taking the red "Evidence Of" poster that SANS distributes for FOR 408, and finding articles on how to handle each of the individual artifacts. SANS posts many guides on how to parse and analyze each artifact individually, and so do other companies like Magnet Forensics. That should get you through the individual artifact analysis questions. For the larger picture questions on the principles of evidence collection and handling, I'd recommend "Incident Response & Computer Forensics: Third Edition."

https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684

sharkezo

can we get recommendations for GMON?

larsde

hi !

I would like to post my personal hint for the GIAC examen.

As you know we get 5h (300 minutes) to answer 180 questions. I printed this timetable on a post-it and sticked it to my screen during the examen.

This way i could keep track of my time. For example when the countdown timer showed "4h30" i needed to have answered 19 questions. I was not sure how the counter would run (down/up hours/minutes) so i printed the 4 ways. Only the blue marked rectangle is needed, so now i would omit the other counters.

Let me know what you think !
kind regards,
Lars.

cyberguypr

You know books cost money, right?

TechGromit

larsde said:

hi !

I would like to post my personal hint for the GIAC examen.

As you know we get 5h (300 minutes) to answer 180 questions. I printed this timetable on a post-it and sticked it to my screen during the examen.

I do something similar, but I break the exam into 4 parts I should have X number of questions answered by the 1/4, 1/2, 3/4 and finished. Your chart looks too busy and probably give me more stress any reassurance that I'm on pace to complete the exam in time. Also remember not all questions are created equal. I've spent 3 or 4 minutes on a single difficult question and others I answered it in 3 seconds flat, cause I knew the answer.

Pmorgan2

gluesniffmonkey had some pretty good study tips for GICSP (ICS-410) in another threat: https://community.infosecinstitute.com/discussion/127133/looking-for-gicsp-material

gluesniffmonkey said:
I passed the GICSP exam last year after attending the ICS 410 in Abu Dhabi last year with Thomas Brandsetter as instructor. If you can do the course onsite I highly recommend Thomas Brandsetter. We got some extra insights into the Stuxnet response from his perspective as the Siemens vendor response. He also has a good webcast which is worth watching on Securing industrial control systems: A peek into building automation security.

As a few people say going to the Live training gives you some networking opportunities which can be as valuable as the course itself.

Having said the above I think the GICSP can be passed self study. Unlike the GCIH (which I also passed a few weeks back), there were no Linux or Windows virtual labs on Vmware during the exam. While it has technical elements I find the GICSP to be managerial focused. I don't think that is a bad thing either. It appears to me the GICSP is aimed at getting IT and OT to have a common language and methodology for developing security solutions in ICS/SCADA and Building/Factory Automation environments. The GICSP is also more Blue Team focused.

I would recommend at a minimum purchasing the hard copies of three books listed in the Suggested Reading on the right of the SCADAHacker website. You need hard copies so you can take them in the exam center. He has lots of links to additional reading.

Also spend some time on A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity by Robert M. Lee from Dragos who is also a SANS Instructor. He recommends many of the same books as SCADAHacker plus a few more.

Read everything, including the Posters in the SANS ICS Library.

I highly recommend purchasing at least one practice test. I find my grades on the practice tests are similar to the actual. You can find out if you are weak in any area. If I had not done the practice tests for my GCIH I would not have know about the new labs and might not have known how to solve them.

Good luck!

changlinn

GSTRT

I just passed this in January. Great training course from Frank Kim.

There is a lot in this from CISSP, CISM and CRISC. So training on those would help, or the book from Shon Harris and the Udemy course from Kelly Handerhan(sp?).
I also found points from https://www.goodreads.com/book/show/17325685-c-i-so---and-now-what was useful.

JDMurray

The GIAC GSTRT is one of the few certs for InfoSec managers. I'm glad to hear the SANS training course for it is good. Thanks for the reference!

candycorn

I was looking at what seemed to be an introductory course provided by SANS, specifically the SEC 301. https://www.sans.org/cyber-security-courses/introduction-cyber-security/ And it seemed like a good place to start for newbies.

Either by mistake or on purpose (since it's security I'm not really sure if this was an easter egg or an honest mistake), the instructor posted the password on a YT video to access supplementary materials related to the 301 exam.

The link to the site: https://sec301.com/
PW: asimplepassword

Screenshots:

https://imgur.com/a/3AiXL2u

@JDMurray or other mods, please remove or modify this post this if you felt I violated any rules, I am posting this in good faith without malicious intent with the hope that it can serve those studying to take this exam. I don't know if these supplemental materials are free or come with a cost (maybe bundled with the exam or test prep, I'm not quite sure). I felt like this would be a good place to make an initial post at the very least.

I poked around a bit, but I think you would want to be enrolled in the class to understand the materials better... I didn't really understand what I was watching the couple videos I clicked.

And if this was done in error, I find it very ironic.