GAWN passed

docrice Member Posts: 1,706
Finally got around to sitting the GAWN exam today. It felt very similar in overall feel to the practice exam I took a few days earlier. Given the amount of time I took to get to this point with SEC-617 since I started back in late October, you would figure that I'd be very comfortable with the material by now. Unfortunately given my work schedule, I wasn't able to spend as much study time as I wanted and I achieved only an 86.67% passing score. It's the first time I got under 90% on a GIAC exam. I scored 83% on the practice exam and I semi-rushed through that one.

I think the areas that really got me are DECT, ZigBee, and Bluetooth, partly because my interest is in mostly 802.11 technologies (although I'm not discounting the importance of auditing others in an enterprise environment, especially given the prevalence of Bluetooth and wireless keyboards using other wireless technologies).

In preparation for the exam, I also did some supplemental reading using Hacking Exposed: Wireless (second edition). If you're interested in learning the bulk of the SEC-617 material without going through the SANS course itself, that book will do the job as it closely resembles the structure of the class. They're both authored by the same person, after all. You just don't get the anecdotes, lab exercises, and the equipment that comes in the course SWAT kit. I dare say you might even be able to pass the GAWN exam by reading through Hacking Exposed: Wireless and doing your own lab exercises, although for some things the sample PCAPs provided in class really helped.

After having taken six GIAC exams, I think I can confidently say that while the exams are generally fair in nature regarding their coverage, at the same time I feel they could be harder and do more to really validate someone's knowledge of the material. There is too much reliance on drawing from the text of the related SANS courseware verbatim. I'd also welcome a lab component, although that would be much more logistically difficult to pull off. A lot of questions are very closely-worded to the courseware text which makes it a bit likely for someone to be able to game the exam by referencing the answer without really understanding the material completely. It cheapens the worth of the certification.

But that said, you still need to have a fundamental grasp of the covered topics since the amount of time to complete the exam is relatively finite. The GAWN exam I took was 150 questions with a 4-hour time limit. I completed it in a little over 2 hours. If I didn't have the books as a reference, I probably would've still passed, but with a noticeably lower score.

I think GIAC exams should be harder based on my impression of what a GIAC-certified individual should represent. While SANS training is good, the exams could go further. As someone who's gone through a lot of infosec training and certifications in the last few years (note that my first certification was the CCNA back in December of 2009), I'm at the point of information overload and anything new I seem to learn means that something else gets pushed out of my brain. Retaining all of this stuff is hard unless I have the opportunity to apply it often enough.

GIAC is now charging shipping and handling for the framed certificate (the nice one). If you just want the plain ol' paper certificate without the wooden backing, that's still free. In my case, I paid $19 for the honor of having a framed cert mailed to me that I'll probably end up chucking into a file drawer anyway.

In summary, I'm still glad I took the class. I need to do some wireless assessments where I work and this was employer-sponsored so it works out for me. The OSWP was fun, but lacked enterprise-centric perspective. For most people who can't afford SEC-617 or whose employer won't fund the training, I recommend reading Hacking Exposed: Wireless and you'll be in good shape. I didn't come into this SANS course cold since I've worked with basic 802.11 analysis, 802.1X environments, and some hotspot-related work in the past so the learning curve for me wasn't as steep.

As of this writing, I still have one GAWN practice exam left which expires 4/25/13. I might pose some challenge questions for it so stay tuned...
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/


    YuckTheFankees Member Posts: 1,281
    Awesome job! I wouldn't expect anything but a pass from you Docrice.

    ChooseLife Member Posts: 941
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896


    azmatt Member Posts: 114
    Congrats on the pass!!

    JDMurray Admin Posts: 13,031
    Congratulations and an excellent review as always!

    docrice Member Posts: 1,706
    I almost forgot that I still have an extra GAWN practice exam to give away. It expires on 4/25/13. Anyone interested? In the spirit of the "challenge-response" themes involved in wireless crypto covered by SANS SEC-617, I think it'd be fun to make a relatively easy challenge exercise out of it (but not necessarily in the form of a technical question on wireless security).

    Otherwise I'll just pass it onto another forum.

    Sheiko37 Member Posts: 214
    It's a really old thread, but I notice on the SANS page it says the SEC617 is "New", which is surprising since this thread is 5 years old.

    docrice, do you notice anything different from when you did the course and the current syllabus?

    Edit: never mind, I got a response from SANS that's very helpful.
    When a course updates 70% or more of the course content during one of the scheduled revision updates of the course, it can earn the NEW identification. During the last turn-in the SEC617 course was completely revamped and earned “NEW” status. Some of the significant changes to SEC617 are listed below:
    • New coverage of 802.11ac and other modern WiFi standards
    • Updated techniques for "Bridging the Airgap", integrating modern Metasploit and Meterpreter functionality
    • New integration of wireless attacks that target mobile devices (where the previous focus in the course was wireless attacks against Windows and macOS devices)
    • Minimized WEP materials to reflect reduced prevalence as an attack target while preserving essential protocol cryptography skills to apply in other wireless protocols
    • Minimized fuzzing module, focusing on techniques that apply with Scapy and modern applications of fuzzing for bug discovery (Google Project Zero Broadcom WiFi vulnerability discoveries)
    • Updated coverage of WPA2 Enterprise attacks using Hostapd-WPE, with application notes against Windows 10, iOS, and Android
    • New introduction to Z-Wave vulnerabilities and attack tools
    • New content on Bluetooth and Bluetooth Low Energy attacks and device analysis
    • New module on Software Defined Radio
    • New modules on RFID technology including location privacy attacks, LF RFID attacks, smart card attacks, and NFC attacks
    • New CTF