Post your SANS/GIAC study material recommendations here



  • trio Member Posts: 42 ■■□□□□□□□□
  • Blessmewithgrace1 Registered Users Posts: 10 ■□□□□□□□□□
  • LionelTeo Member Posts: 526 ■■■■■■■□□□
    A new book I found recently is The Hacker Playbook: Practical Guide To Penetration Testing: Peter Kim: 9781494932633: Amazon.com: Books, by an author with GXPN. Of course, this would not be sufficient to undertake GXPN. GXPN requires a mixture of knowledge of Scapy, the Sulley Framework, Windows and Linux stack smashing, the GDB debugger and Windows debuggers, and Python. This can be covered with Violent Python (written by a GSE, OCSE), The Art Of Hacking by Jon Erickson, the Shellcoder's Handbook, and the Sulley framework manual. I will give it an attempt in the future (but not so soon), if I can clear my GSE. GXPN and OCSE are probably my top choices of certs.

    Amazon also has tons of other great books; I saw one on malware reverse engineering (GREM, anyone?) and other great stuff. If you're totally new to GIAC exams, you may want to go for a course and see how the exam goes, but once you're familiar with the exam environment, I am pretty sure you can net those without going for a course. Most importantly, spend 15 to 30 minutes every day reading something.

    GCIH is probably the easiest to challenge, given the syllabus is so similar to CEH, with the exception of incident handling being omitted. If you can pass CEH by studying yourself, GCIH should be no problem. I highly recommend challenging yourself for a start; once you have passed the first challenge, you will know you can undertake more challenges, and then your certification choices would open up to a lot from GIAC. Of course, do remember to give back to the organization by recommending your company send your fellow mates for a GIAC course

    :P Good luck to those who intend to try. Remember, it's not about the failure, it's about not giving up!
  • LionelTeo Member Posts: 526 ■■■■■■■□□□
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    I was just reviewing this, and I don't believe I see any GPEN material here. I'll post this, reposted from LionelTeo:

    GPEN (Take After GCIH) (Requires: Project Scoping, Scanning Fast, Pivoting, Command Prompt Scanning)
    The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
    Advanced Penetration Testing Guide for Highly Secured Environment (the ultimate security guide)
    Metasploit: The Penetration Tester's Guide
    The Hacker Playbook
  • LionelTeo Member Posts: 526 ■■■■■■■□□□
    GCIH Additional Notes


    Revised GCIA Materials
    Practical Packet Analysis (Chris Sanders)
    Network Intrusion Detection (Stephen Northcutt)
    Inside Network Perimeter Security (Stephen Northcutt)

    Books Recommended by Stephen Northcutt (See the reviews)
    The Practice of Network Security Monitoring: Understanding Incident Detection and Response

    Latest Snort Manual: SNORT Users Manual 2.9.5
  • Higgsx Member Posts: 72 ■■□□□□□□□□
    Some user posted about GCIH certification preparation material, but they seem to be very old books and I think that isn't much.
    What other books are good for GCIH preparation?

    I thought about these books:
    1. Hacking: The Art of Exploitation
    2. Penetration Testing: A Hands-On Introduction to Hacking.

    Any suggestions?

    P.S. I'm planning to take the GCIH exam in about 4-5 months.
  • SaSkiller Member Posts: 337 ■■■□□□□□□□
    Just adding this in:

    GREM: Practical Malware Analysis
  • LionelTeo Member Posts: 526 ■■■■■■■□□□
    Hacking: The Art of Exploitation is about debugging/shellcode and overflowing the stack buffer manually. I have the book and have read through it; it is more GXPN material. For GCIH, it's still Counter Hack Reloaded for the stuff that hasn't changed in the last 10 years, and the latest Hacking Exposed to cover the latest attack techniques. Google everything else while taking the two free practice tests that come with buying the actual exam.
  • SaSkiller Member Posts: 337 ■■■□□□□□□□
    Anything for GCFE? Saw someone ask online, we don't have anything.
  • ramrunner800 Member Posts: 238
    SaSkiller wrote: »
    Anything for GCFE? Saw someone ask online, we don't have anything.

    For GCFE I would recommend taking the red "Evidence Of" poster that SANS distributes for FOR 408, and finding articles on how to handle each of the individual artifacts. SANS posts many guides on how to parse and analyze each artifact individually, and so do other companies like Magnet Forensics. That should get you through the individual artifact analysis questions. For the larger picture questions on the principles of evidence collection and handling, I'd recommend "Incident Response & Computer Forensics: Third Edition."

    Currently Studying For: GXPN
  • sharkezo Member Posts: 16 ■■■□□□□□□□
    Can we get recommendations for GMON?
  • larsde Registered Users Posts: 4 ■■□□□□□□□□
    Hi!

    I would like to post my personal hint for the GIAC exam.

    As you know, we get 5h (300 minutes) to answer 180 questions. I printed this timetable on a post-it and stuck it to my screen during the exam.

    This way I could keep track of my time. For example, when the countdown timer showed "4h30" I needed to have answered 19 questions. I was not sure how the counter would run (down/up, hours/minutes), so I printed the 4 ways. Only the blue marked rectangle is needed, so now I would omit the other counters.

    Let me know what you think!
    Kind regards,

  • cyberguypr Mod Posts: 6,928 Mod
    You know books cost money, right?
  • TechGromit Member Posts: 2,156 ■■■■■■■■■□
    edited December 2018
    larsde said:
    Hi!

    I would like to post my personal hint for the GIAC exam.

    As you know, we get 5h (300 minutes) to answer 180 questions. I printed this timetable on a post-it and stuck it to my screen during the exam.
    I do something similar, but I break the exam into 4 parts: I should have X number of questions answered by the 1/4, 1/2, 3/4 marks and then finished. Your chart looks too busy and would probably give me more stress than any reassurance that I'm on pace to complete the exam in time. Also remember not all questions are created equal. I've spent 3 or 4 minutes on a single difficult question, and others I answered in 3 seconds flat, because I knew the answer.
    Still searching for the corner in a round room.
  • Pmorgan2 Member Posts: 116 ■■■■□□□□□□
    gluesniffmonkey had some pretty good study tips for GICSP (ICS-410) in another thread: https://community.infosecinstitute.com/discussion/127133/looking-for-gicsp-material
    I passed the GICSP exam last year after attending ICS 410 in Abu Dhabi last year with Thomas Brandstetter as instructor. If you can do the course onsite, I highly recommend Thomas Brandstetter. We got some extra insights into the Stuxnet response from his perspective as part of the Siemens vendor response. He also has a good webcast which is worth watching: Securing industrial control systems: A peek into building automation security

    As a few people say going to the Live training gives you some networking opportunities which can be as valuable as the course itself.

    Having said the above, I think the GICSP can be passed by self-study. Unlike the GCIH (which I also passed a few weeks back), there were no Linux or Windows virtual labs on VMware during the exam. While it has technical elements, I find the GICSP to be managerially focused. I don't think that is a bad thing either. It appears to me the GICSP is aimed at getting IT and OT to have a common language and methodology for developing security solutions in ICS/SCADA and Building/Factory Automation environments. The GICSP is also more Blue Team focused.

    I would recommend, at a minimum, purchasing the hard copies of the three books listed in the Suggested Reading on the right of the SCADAHacker website. You need hard copies so you can take them into the exam center. He has lots of links to additional reading.

    Also spend some time on A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity by Robert M. Lee from Dragos, who is also a SANS Instructor. He recommends many of the same books as SCADAHacker plus a few more.

    Read everything, including the Posters in the SANS ICS Library.

    I highly recommend purchasing at least one practice test. I find my grades on the practice tests are similar to the actual exam. You can find out if you are weak in any area. If I had not done the practice tests for my GCIH, I would not have known about the new labs and might not have known how to solve them.

    Good luck!
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
  • changlinn Member Posts: 42 ■■■□□□□□□□

    I just passed this in January. Great training course from Frank Kim.

    There is a lot in this from CISSP, CISM and CRISC, so training on those would help, or the book from Shon Harris and the Udemy course from Kelly Handerhan (sp?).
    I also found the points from https://www.goodreads.com/book/show/17325685-c-i-so---and-now-what useful.

    A+, C|EH, CISSP, CISM, CRISC, GSTRT, MCSA:Messaging, MCSE:Security
    "Brain does not meet certification requirements, please install more certifications" Me
    Currently Studying: Cyber Security masters and ISC2 CCSP.
    Security blog; http://security.morganstorey.com
  • JDMurray Admin Posts: 13,041 Admin
    The GIAC GSTRT is one of the few certs for InfoSec managers. I'm glad to hear the SANS training course for it is good. Thanks for the reference!
  • candycorn Member Posts: 52 ■■■□□□□□□□
    edited April 2023
    I was looking at what seemed to be an introductory course provided by SANS, specifically SEC 301: https://www.sans.org/cyber-security-courses/introduction-cyber-security/ It seemed like a good place to start for newbies.

    Either by mistake or on purpose (since it's security I'm not really sure if this was an easter egg or an honest mistake), the instructor posted the password on a YT video to access supplementary materials related to the 301 exam.

    The link to the site: https://sec301.com/
    PW: asimplepassword

    @JDMurray or other mods, please remove or modify this post if you feel I violated any rules. I am posting this in good faith without malicious intent, with the hope that it can serve those studying to take this exam. I don't know if these supplemental materials are free or come with a cost (maybe bundled with the exam or test prep, I'm not quite sure). I felt like this would be a good place to make an initial post at the very least.

    I poked around a bit, but I think you would want to be enrolled in the class to understand the materials better... I didn't really understand what I was watching in the couple of videos I clicked.

    And if this was done in error, I find it very ironic. 
    ITIL, CompTIA A+, CompTIA Healthcare IT Tech, MTA: Server Fundamentals, MCP, Apple Certified Associate, CIW Associate