SANS GREM | Questions for those who have recently passed

Howdy all.

I'm currently just about done with reading the material for the 2nd or 3rd time. I still think I need more practice on understand assembly instructions. I've got my index handy but am looking to add/modify it.

I've got a question for those who have already passed the latest exam

1. What material would you say the exam focuses on the most?
2. What would be the easiest way to structure the GREM index.

I've taken passed GCIH before and I feel like I should structure my GREM index differently. Maybe something like separate pages for api calls, assembly instructions, functions, commands, tools, ...anything else?

Also, once I knock this out, I'll be looking to trade my material

I've got 2016 material and looking to trade everything for 2016+ material for one of the following courses
1.GXPN
2.GMOB
3.GAWN

Includes:

-All books
-My index's
-Workbook USB package

Find more posts tagged with

Comments

BlackBeret

Wasn't there an emoji of a guy eating popcorn somewhere? Since you can't get PM's yet I'll give you a heads up. Most of the people here are sticklers for things like license agreements in courseware. You should probably read the one printed on the first page or two of each of your books.

kiki162

Look up Lenny's (creator of the GREM course) web page. He's got **** sheets for that course, along with some helpful tips. If you still feel like your not getting it, then look at taking the course or do work study.

ninja-turtle

Well that sucks. I thought they would've at least let us trade.

ninja-turtle

Also, where is the edit thread button in this forum? I don't see see any options under Thread tools. Much appreciated and thank you @kiki162

GirlyGirl

ninja-turtle wrote: »

Howdy all.

I'm currently just about done with reading the material for the 2nd or 3rd time. I still think I need more practice on understand assembly instructions. I've got my index handy but am looking to add/modify it.

I've got a question for those who have already passed the latest exam

1. What material would you say the exam focuses on the most?
2. What would be the easiest way to structure the GREM index.

I've taken passed GCIH before and I feel like I should structure my GREM index differently. Maybe something like separate pages for api calls, assembly instructions, functions, commands, tools, ...anything else?

Also, once I knock this out, I'll be looking to trade my material

I've got 2016 material and looking to trade everything for 2016+ material for one of the following courses
1.GXPN
2.GMOB
3.GAWN

Includes:

-All books
-My index's
-Workbook USB package

\

Did you pass the GMOB Exm?

TechGromit

ninja-turtle wrote: »

Also, once I knock this out, I'll be looking to trade my material

I've got 2016 material and looking to trade everything for 2016+ material for one of the following courses
1.GXPN
2.GMOB
3.GAWN

Includes:

-All books
-My index's
-Workbook USB package

While I can certainly understand the feeling of I own the material, I should be able to trade, resell, lend it to someone else mentality. It's a clear violation of SANS policy. If caught, SANS could invalidate all the SANS certifications you and the person your trading with hold. Possibly all the other certifications you both hold as well since it's an ethics violation. I'm sure you will find few people that will be willing to take that kind of risk. I do see people sometimes sell material on Ebay, but I highly doubt they hold any certifications, who would take that kind if risk, destroy there career for a few hundred bucks, seriously.

ninja-turtle

TechGromit wrote: »

While I can certainly understand the feeling of I own the material, I should be able to trade, resell, lend it to someone else mentality. It's a clear violation of SANS policy. If caught, SANS could invalidate all the SANS certifications you and the person your trading with hold. Possibly all the other certifications you both hold as well since it's an ethics violation. I'm sure you will find few people that will be willing to take that kind of risk. I do see people sometimes sell material on Ebay, but I highly doubt they hold any certifications, who would take that kind if risk, destroy there career for a few hundred bucks, seriously.

Makes sense. I can't seem to edit my original thread to remove that section. Can anyone point me towards the right direction. I don't see an option under thread tools

TechGromit

ninja-turtle wrote: »

Makes sense. I can't seem to edit my original thread to remove that section.

I wouldn't worry about it, so long as you don't actually follow through with a trade i don't see an issue. I highly doubt SANS conducts undercover sting operations, the chances of getting caught are slim. It's just not worth the risk, no matter how slim the odds are.

ninja-turtle wrote: »

Well that sucks. I thought they would've at least let us trade.

And rob SANS of the opportunity to charge you $6,000, how will they be able to feed there children or put food on the table? I'm really not sure how legal the Course Licensing Agreement (CLA) is, after all people have been reselling books and software for decades.

While I certainly can understand SANS desire to protect there material from people copying and reproducing it, preventing people from trading, lending or reselling it is questionable in my opinion. If every book had this clause in it, what would become of public libraries?

BlackBeret

You should see an edit button to the left of the "quote" and "reply" buttons. Don't get me wrong, I completely get the feeling. Before I had ever taken a SANS course I found some books for an exam I wanted to challenge on Ebay after members here PM'ed me. I personally agree with the thought that you paid for it, it should be yours. SANS just feels differently and a lot of people on here get on edge about things. I saw that you're a new member and didn't want you getting flamed too quick. There are some good people and a lot of helpful information on these boards.

JDMurray

Let it be known that the SANS/GIAC folks do patrol this public TE discussion forum with all due diligence. Those that plan to violate the SANS/GIAC licensing agreement(s) do risk decertification and banishment from TE. (Yes, it has happened before.)

NetworkNewb

JDMurray wrote: »

Let it be known that the SANS/GIAC folks do patrol this public TE discussion forum with all due diligence.

If you guys are reading this, I'd love to be chosen to do more Work Study events!

JDMurray

I think email would be a better way to make your wishes known to the people who can help you best.

ninja-turtle

I don't think my account has enough permissions to edit threads yet. I'm missing that button and I can't seem to utilize the other functions of this acct. My guess is that I might need a certain amount of posts or threads opened before those permissions are granted. Not sure. Maybe a mod can chime in

briancam35

sans will never ever chase peolpe down because they sell the SANS books on ebay.
it is too time consuming....
sans students do this all the time on ebay.

TechGromit

briancam35 wrote: »

sans will never ever chase people down because they sell the SANS books on ebay.
it is too time consuming....
sans students do this all the time on Ebay.

There will always be people that take training on the companies dime and just use it as an excuse to do some traveling the company pay for. They don't pay attention in class, leave early and sell copy righted materials to make a quick buck. If SANS did conduct an undercover operation to catch people selling material on eBay, I highly doubt any of them will have any GIAC certifications or any certifications in anything at all.

JoJoCal19

TechGromit wrote: »

There will always be people that take training on the companies dime and just use it as an excuse to do some traveling the company pay for. They don't pay attention in class, leave early...

I DEFINITELY saw some of these types of people the two times I've facilitated. It annoyed me because I'd LOVE to have my company pay to send me to SANS full-price as a student, and I would have definitely put in work and gotten a lot out of the classes.

5ekurity

JoJoCal19 wrote: »

I DEFINITELY saw some of these types of people the two times I've facilitated. It annoyed me because I'd LOVE to have my company pay to send me to SANS full-price as a student, and I would have definitely put in work and gotten a lot out of the classes.

Last one I was at, there was a dude who attended part of the first day of class, the first hour the 2nd day, then came in on the 6th day of the CTF for an hour and left. During lunch on day 4, I saw him wandering around the downtown area we were at. Just couldn't believe someone would waste time / money like that.

JoJoCal19

5ekurity wrote: »

Last one I was at, there was a dude who attended part of the first day of class, the first hour the 2nd day, then came in on the 6th day of the CTF for an hour and left. During lunch on day 4, I saw him wandering around the downtown area we were at. Just couldn't believe someone would waste time / money like that.

That's a damned shame.

TechGromit

5ekurity wrote: »

Last one I was at, there was a dude who attended part of the first day of class, the first hour the 2nd day, then came in on the 6th day of the CTF for an hour and left. During lunch on day 4, I saw him wandering around the downtown area we were at. Just couldn't believe someone would waste time / money like that.

People like that, I wish I could inform his employer how he's using their training dollars, but I'm sure SANS loves it, one less person they have to teach and they still get paid.

A lot of courses give certificates when you attend training, they aren't really good for much except to prove you attended classes, I wonder if they ever with hold giving certificates out to students that do not show up to classes every day? It would make a good way for employers check to see there employees show up to training, where's the certificate they gave you for attending class? Of course it would only force them to attend, not force them to listen and learn. Maybe just being there, they would remember something from the lectures later.

On the other hand, I'm competing against these people in the job market, the less they learn, the better it's for me in the long run.

TechGromit

I was talking at a SANS instructor over dinner about students that do not show up for or pay attention in class. He told me a story that a guy attended a class he was teaching the first day, and didn't bother to show up the other days of training. We this guy's boss was also in the class and when he didn't see this guy in class he asked him later were he was and they guy made up some excuse he was all the way in the front of the class, that's why his boss didn't see him. Anyway the boss contacted him (the SANS instructor) to get confirmation this guy really was in class, and when the boss found out he wasn't, this guy got fired and lost his CISSP due to this ethics violation.

JDMurray

TechGromit wrote: »

Anyway the boss contacted him (the SANS instructor) to get confirmation this guy really was in class, and when the boss found out he wasn't, this guy got fired and lost his CISSP due to this ethics violation.

So the boss was so mad that he reported his employee to the (ISC)2 as an ethical violator, and lying to your boss is considered to be an ethics violation by the (ISC)2 worthy of de-certification? Who knew?

UnixGuy

What does CISSP got to do with someone not attending a SANS training LOL

xxxkaliboyxxx

UnixGuy wrote: »

What does CISSP got to do with someone not attending a SANS training LOL

I could see a few reasons, the boss was the one that sponsored the employee. The boss was so mad, that they wanted to make sure the employee was disciplined. I do not know much about the CISSP code of ethics, but I assume this scenario would go under unethical behavior which the CISSP is a clause for. Kind of like being in the military/law enforcement, you might not be in uniform, but you are still a representative of the military/law enforcement even during "off duty"

Sure, it's not a (ISC)2 function, but aren't you still a CISSP even during none (ISC)2 events?

UnixGuy

That does not make ANY sense in my opinion! Unless it's got something to do with CISSP endorsement or CPE, the two incidents are completely unrelated. Boss is pissed off he can just fire the guy, that's about it really

xxxkaliboyxxx

UnixGuy wrote: »

That does not make ANY sense in my opinion! Unless it's got something to do with CISSP endorsement or CPE, the two incidents are completely unrelated. Boss is pissed off he can just fire the guy, that's about it really

Aren't you still a CISSP even at a SANS training event? Or are you only a CISSP when it's ISC(2) related? In that case, better take off CISSP from emails and business cards. By that logic, if you do something unethical at work, you shouldn't lose your CISSP either.

I'm guessing the boss made a big stink about it, big enough where they felt they should take it away. Who knows the back story, maybe there is more to it.

JoJoCal19

I'm assuming their reasoning is that lying to his boss regarding an information security related matter (the training) was unethical and unbecoming of someone holding the CISSP? I agree with you though, there's probably more back story. But it does seem asinine. It's a slippery slope kind of thing.

quogue66

I would assume this has to do with lying about the CPEs. Since he did not actually attend the SANS course but he claimed the CPEs it was considered lying/unethical. This is of course assuming that the story is not exaggerated.

TechGromit

JDMurray wrote: »

So the boss was so mad that he reported his employee to the (ISC)2 as an ethical violator, and lying to your boss is considered to be an ethics violation by the (ISC)2 worthy of de-certification? Who knew?

I'm not sure of the exact sequence of events, how this guys CISSP was pulled, I just heard is 2nd hand from a SANS instructor. There's probably more details to the story than I'm aware of.

TechGromit

xxxkaliboyxxx wrote: »

Aren't you still a CISSP even at a SANS training event? Or are you only a CISSP when it's ISC(2) related?

I remember in my SANS 504 class, the last day we were warned do not conduct a DOS attack on the Server / network, that our GIAC and CISSP certifications will be pulled for ethics violations, so the organizations do talk to one another.

I guess it boils down to trust worthy. There has to be a certain level of trust if I'm going to pay you to secure my networks. Having someone hold a CISSP from your ICS2 organization that lies, how does that reflect on your organization?

JDMurray

I don't believe the (ISC)2 would actually take the time and expense to launch an investigation to determine if an employee actually lied to a boss, unless the lies results in a significant public incident involving civil or criminal behavior. I'm waiting to see how many (ISC)2 certs get yanked for the poor handling of the Equifax breach.

(ISC)2 Code of Ethics | Complaint Procedures