GIAC Noob here

NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
I am planning on starting to challenge some GIAC certs (without taking the corresponding SANS training). Never taken any of their exams before, but I figure this way, I can take 3 GIAC certs a opposed to only 1...based on the annual training budget provided by my employer. Any recommendations from those that have successfully challenged and conquered?

I just registered for GCIH. icon_study.gif


  • JDMurrayJDMurray Certification Invigilator Surf City, USAAdmin Posts: 11,544 Admin
    You should probably start by reading the Challenge Certification section of the GIAC Certification FAQ. Although it doesn't explicitly state it, using other people's the official SANS course materials is not allowed.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■□□□□
    GCIH is the easiest to take on, its slightly above CEH with the exception of the missing incident handling and law part. The counter hack reloaded book is written by the course author Ed Skoudis and you should definitely pick it up if your challenging it. Incident Handling can be covered by picking up an incident handling book by industry leaders with good reviews. The SANS incident handling steps is slightly differently, you can read that up in the CISSP Study Guide by Eric Conrad.

    Google is your best friend for every challenge, if you are very good at googling for resources, you can fill in the 'blanks' with self written notes for missing section where the books did not cover for the course.

    I would go through with ceritifcation in terms of difficulty
    GCIH -> One of the easier Certification to take on. CEH is similar to this with exception there is no incident handling and laws for various country.
    GPEN -> Possible to challenge this, there is lots of book out there on pentesting. Similar to GCIH with the exception is that you will have to learn more how to write the report, handle the project and pentest fast to deliver to the report. Pivoting is also another crucial topic, in addition to laws for various country.
    GCIA -> Very hard to challenge this, due to books written by sans author have been around for 14 years, but possible, since the analysis and operating concept for wireshark, tcpdump, snort has always been the same. The new section that is always updated is the new tools that is introduce for monitorings, like SIEM and centralised logging. There is also like 10 over books on wireshark, tcpdump and intrusion analysis by great authors.
    GSEC -> Hard but possible, essentially the CISSP with architecture and software replace by basic Linux and Windows Administration, active directory, take sometime and read up on this areas and you would be great. Law is also another important area. Eric Cole had also release a book that can be use along with GSEC.
    GWAPT -> Possible with Web Application Pentration Testing books and Sql Injections and countermeasure. There is a blogger who had blog on challenging this.
    GXPN -> Possible with The Hackers Playbook, Shellcoders Handbook, Hacking the art of explotation along with online resource for Sulley Framework, Scapy, Immunity Debugger. There is a blogger who had blog on challenging this.
    GCFA -> Also viable, there is a blogger who had on challenging this.
    GSNA -> Definitely Viable, because someone who is GSNA certified has wrote on a book, with a CISA study book and there is another IT Audit framework book, reading them up enable you to get this cert. (but you read more than a CISA certified lol)
    GAWN-> The sans author had also wrote a book on amazon regarding this, definitely viable but you need to cover more than the book
    G2700 -> definitely viable given the amount books out there covering ISO27000
    GCPM -> Definitely viable since this is similar to getting a PMP certification.
    GISP -> Viable because this is same as CISSP with exception its open book.
    GSLC -> Definitely viable if you have vast amount of knowledge for G2700, GCPM and GISP and with a CISM book top with a couple of risk management.
    GREM -> Viable given the amount of Reverse Engineering books out there
    GLEG -> Not something most people would take. Just want to mention there is a book on IT Security Legal as well.

    Currently, I am still evaluating the viablilty for
    GCED -> Networking Hardening (router/switch), Malware Handling (sysinternals tools), Intrusion Analysis, Pentest, Incident Handling, Advanced Persistent Threat. Everything seems too over the place
    . Eric Cole has a book for advanced persistent threat on this.

    There is multiple blogs out there there has written on how they pass the challenge, read it up! Also keep searching books on amazon. Look up the author name in the GIAC search listing and see if those author who write those books are ceritfied by GIAC or are written by the SANS author himself. It will raise your chance of passing if you read those books. Also google is your best friend to fill in the gaps, always review the materials you had on hand.

    EDIT: as JD Murray says, using other people SANS material is not allowed, so just a slight warning on that. :)

    Once you took the practise test, it will reflect your score. Take that score and update your materials. remember its open book, so there is no harm to bring more books in if you can. Good luck!

    EDIT 2: Forgot to mention GSEC also covers some packet structure reading nmap and ncat stuff. Basically a little of GCIA in additional to what I mention
  • Khaos1911Khaos1911 Member Posts: 366
    Lionel, That was incredibly helpful to those of us who are new to the world of SANS training. Many thanks!
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■□□□□
    One of my hobbies during my free time its to to for books on Amazon, and go to GIAC directory to see if it is written by a sans author or GIAC Certified Professional. Grab a SANS brochure and learn the instructor name, for instance you came across Ed Skoudis, Eric Cole, Stephen Northcutt, Rob Lee while searching for a book, you know you immediately had to grab it. Just to add on for those who is challenging GWAPT, samurai wtf is written by SANS instructor, another OS for forensic (I can't recall at the moment) is written by another SANS instructor, this are some of the stuff you shouldnt miss while challenging for exams, you should definitely pick up those OS they work on and put in your lab.

    You had heard about doing recon on your target, so apply that well on the exams you working on. Recon on the intructors or book authors, learn their activities, what book had they wrote, or even write a review on! What system had they work on. Go grab those study material if you haven't!

    If you preparing for GSEC, you should look up Eric Code Book. I had post it in the first thread on the second page, but got lazy to repeat those books here.

    For GCIA, those books by Stephen Northcutt, Richard Ben(something) and Chris Sander would give you a good chance. Also throw in a snort manual, I cannot recall how much the snort manual help me back there for the exam. **** sheets like quick command lines or packet structures are also some of the really useful stuff to prepare to GIAC exams.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAAdmin Posts: 11,544 Admin
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■□□□□
    Yup, your right. I remember seeing stephen northcutt reviewing how good his books were.
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    JDMurray wrote: »
    You should probably start by reading the Challenge Certification section of the GIAC Certification FAQ. Although it doesn't explicitly state it, using other people's the official SANS course materials is not allowed.

    I wasn't planning on it. My plans were to take the practice tests, make a note of anything referenced. Also take the syllabus of the corresponding SANS course...and using both of those...a whole lot of independent research.
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    LionelTeo...that breakdown was very helpful. Thanks for the insight.
Sign In or Register to comment.