Passed GCIH

cyberguyprcyberguypr Mod Posts: 6,927 Mod
My goal was to achieve 90% in order to get invited to the Advisory Board. Ended up passing with 91%. It was agonizing seeing the checkpoint fluctuate between 88-93%.

I took the class via the Work/Study Program (awesome, look it up) in Chicago a few months ago with Jonathan Ham. That gave me access to the MP3s as well as OnDemand for 4 months. My process was indexing the books first and then watching most of the course again via OnDemand. I skipped some lectures where I was positive I had excellent grasp of the material.

For materials, I took all the books with me to the testing center. I created the following documents:
- one page summing up the Incident Handling phases along with their goals
- 4 pages summing up attacks and their defenses
- SANS **** sheets: Netcat, Windows Command Line **** Sheet, Linux Intrusion Discovery, Linux Intrusion Discovery,
- index consisting of term, book #, page #, description. This came in very handy. I was able to answer most questions just by checking my "description field". I used Azmatt's index as an inspiration but I went with one master index instead of separate one for tools. Total pages for my index: 13. In another thread I mentioned I felt my index was short but it definitely served its purpose. I only remember one item that I looked up it wasn't on my index. Remember that indexes are a personal thing so no two are alike. All the time you spend here will definitely pay off.

I definitely enjoyed both the class and the test. It really opened my eyes to how much crap is out there and we have to defend from.




  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    Wow, very impressive index and study materials. It shows you put in the time necessary and it paid off. Congrats!
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■

    Thanks for the write up. Now it's time for me to buckle-down and get this done.
  • 5ekurity5ekurity Member Posts: 346 ■■■□□□□□□□
    Great job, congratulations!
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    Nice work - Congrats
  • azmattazmatt Member Posts: 114
    Awesome job!!!! Congrats!!!!
  • FloOzFloOz Member Posts: 1,614 ■■■■□□□□□□
  • cyberguyprcyberguypr Mod Posts: 6,927 Mod
  • laughing_manlaughing_man Member Posts: 84 ■■□□□□□□□□
    Congrats! Sitting for my GCIH in a month. I like your index with the brief definitions. I think I will modify mine to include that (currently just have phrase and page number).
  • f0rgiv3nf0rgiv3n Member Posts: 598 ■■■■□□□□□□
    Congratulations! That's some good stuff right there. I'm considering pursuing the GCIH soon, do you enjoy the actually "Incident Handling" portion of the material?
  • HelalHelal Registered Users Posts: 2 ■□□□□□□□□□
    congratulations, u made awesome job here plus your the great achievement :)
    could you share these materials with us?
  • cyberguyprcyberguypr Mod Posts: 6,927 Mod
    No two indexes or guides are alike. Part of the GIAC cert experience is spending time customizing materials to your particular needs. You'll get more out of the experience if you create your own
  • ITforyearsITforyears Member Posts: 35 ■■□□□□□□□□
    Recently, I finished my GCIH and received an 87. I am glad it is over with. I guess some questions after the 100 question mark because I did not have any reference for it in my index. Also, some stuff (Buffer Overflows, Jump Bags) did not have any real clear answers in those questions. Anyway, its done.

    My index was done in Excel in landscape format. I had about 40 pages that printed out.

    My format was similar to

    e.g. format string attack 1, 43 (for book, page) and an example comment (%s, %d), etc.
    Firebug 4 150 robust web and script development tool and editor used to manipulater Apps
    Firesheep 3 71 Attacks websites that rely on SSL for only part of interaction with users (such as authentication) and then HTTP for rest
    Firesheep 3 72 waits for user to athenticate over HTTPS and sniffs authenticated session and cookies - grabs credentials
    Firewalk 2 133 utility that allows an attacker to determine which ports on a firewall are open; uses ttl decrements to identify open firewall ports
Sign In or Register to comment.