GCIH Preparation and attempt log

Paul Boz Member Posts: 2,620 ■■■■■■■■□□
There's hardly jack on the Internet about this course or the exam attempt so I'm going to chronicle my experience similar to what I did with the GCFW.

I got a series of emails from SANS today proclaiming that they received payment and that my online access to self study materials was available. I also got an email with details on how to access the lab, which I was unaware existed. I didn't really READ much about the course before I signed up for it so it was a bit of a surprise. Apparently it's something new with the 3.0 beta exam. TY to Dynamik for pointing this out (I'm retarded) Either way, I'm excited about it because hands-on was something I felt the GCFW was dreadfully lacking.

Unfortunately, the wireless Internet access in the hotel I'm staying in is on par with access from Namibia so I can't enjoy audio or video. Ed Skoudis is the instructor so I'd really like to have that content as I go through this material so I'm going to hold off until I get home before I crack into it.

Aside from that, I am very impressed with the significantly improved graphical layout between the GCFW online self-study material and what has been provided to me for this course. I'm talking Windows 3.1 next to Windows 2000 difference. The GCFW material often did not have corresponding audio for the slides, was missing information for a small number of slides, and was generally not very user friendly. I can't really vouch for the content (and presence thereof) regarding the GCIH material but hey, at least it looks nice.

I'll probably get a chance to crack into this stuff some time on Thursday evening so I'll probably update this some time towards the end of the week. I hope to update this more frequently than my last thread because it looks like there will be a lot of fun stuff to talk about.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/

Comments

  • L0gicB0mb508 Member Posts: 538
    Good luck Paul. I think this one might be on my list after GCIA and GCFW.
    I bring nothing useful to the table...
  • coffeeking Member Posts: 305 ■■■■□□□□□□
    Paul,
    Appreciate your efforts on sharing your experience. Your posts for GCFW were excellent and provided a great overview of the course. I am interested in GCIH myself and would love to get an insight on it.

    Looking forward to your postings.
  • GAngel Member Posts: 708 ■■■■□□□□□□
    The disk I got for GPEN is the same for GCIH so this course should be a walk in the park for you.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    GAngel wrote: »
    The disk I got for GPEN is the same for GCIH so this course should be a walk in the park for you.

    Which is the same disk I got for the GCFW haha
  • unsupported Member Posts: 192
    I did on demand for GCIH last year and I felt it was fantastic! Ed Skoudis is an entertaining and knowledgeable instructor. The material is easy to keep up with. You may want to also pick up a copy of Counter Hack: Reloaded. Some of the testing material is directly lifted from the book.

    Also, make your indexes! I passed with a 94%, but could have done 100% if I looked up every answer.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    I did on demand for GCIH last year and I felt it was fantastic! Ed Skoudis is an entertaining and knowledgeable instructor. The material is easy to keep up with. You may want to also pick up a copy of Counter Hack: Reloaded. Some of the testing material is directly lifted from the book.

    Also, make your indexes! I passed with a 94%, but could have done 100% if I looked up every answer.

    Indexes got me through the GCFW with flying colors. I've actually got Counter Hack Reloaded so that's a plus. Thanks for the advice. Did you encounter any pitfalls in the exam that maybe was under-covered from the course material? There were a few instances with the GCFW where the provided coursework did not provide me with what I needed for the exam and I had to rely on past experience. While that's not a problem, it's good to know what the surprises are.
  • unsupported Member Posts: 192
    Paul Boz wrote: »
    Did you encounter any pitfalls in the exam that maybe was under-covered from the course material?

    I do not recall any pitfalls. I was able to find the majority of the information in my index. No surprises.
    -un
  • Met44 Member Posts: 194
    Good to hear. I enjoyed the Skoudis Counter Hack book but have never looked into the certification. Interested in reading your account.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    I blew through book 2 on Saturday. I was surprised to find a table of contents but indexed and tabbed the book anyway. The material was rookie level but I know it gets tougher later on. I'm on the way to Los Angeles right now and brought books three and four. I'd like to at least get through three by Friday.
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Aside from the first book, it seemed like the majority of the content was a rehash of GPEN (or vice versa). It'd be nice if they gave you a discount for subsequent related courses since there seems to be so much overlap.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    dynamik wrote: »
    Aside from the first book, it seemed like the majority of the content was a rehash of GPEN (or vice versa). It'd be nice if they gave you a discount for subsequent related courses since there seems to be so much overlap.

    That would be nice... I swear everything I've covered so far has been either in the GPEN material or in the GCFW stuff I have. Book 3 is starting to get into some high-level application testing (web apps mostly) so I'm actually learning a hell of a lot now. The network-based stuff in book 2 and the first half of book 3 is for the birds though. I understand that SANS wants to cross-provide material because it's rare for people to obtain multiple SANS certs due to the cost, but the volume of overlap is a little crazy. I feel that even though I got the material for 25% off ($3k total) I should have gotten some type of "second SANS cert" discount because I paid a few grand for the same stuff that's on the other courses. As you said though, once you've got two you can really (derogatory term for your mother) these things out.

    Also, Ed Skoudis is an excellent instructor. I can tell that he's got a strong programming background because he's very eloquent in describing programming and program functions to non-programmer types. It's also nice to hear the GCFW material in someone else's words.
  • unsupported Member Posts: 192
    dynamik wrote: »
    Aside from the first book, it seemed like the majority of the content was a rehash of GPEN (or vice versa). It'd be nice if they gave you a discount for subsequent related courses since there seems to be so much overlap.

    Well, if they ever decided to change their certification/re-certification structure, maybe taking the higher level certs will renew the lower level certs... instead of having to renew in all areas.
    -un
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    Well, if they ever decided to change their certification/re-certification structure, maybe taking the higher level certs will renew the lower level certs... instead of having to renew in all areas.

    It would only benefit me if the higher level certs renewed each other, similar to how Cisco works. If you take any professional level exam and pass it, it renews all of your professional level certs for x number of years. With SANS, even if I have to renew every three years, I will have to re-challenge anywhere from two to four tests in a short period of time. I don't foresee renewing all of my prospective SANS certs because there just isn't enough time in the day.

    That's a bridge that I can burn down when I get to it though. I planned to work on a good bit of book 3 tonight but I've got a hell of a lot of work to get caught up on so I'm going to do that instead.
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Hm, I responded last night, but my post didn't go through.

    The renewal is actually every four years: GIAC Information Security Recertification Overview

    However, I didn't know they allowed you to get new course materials on the cheap. I thought you needed to purchase a new course every four years or just take a stab at it. I'm much more inclined to go this route now (even though a single exam recert would be ideal) than I was when I was expecting to have to somehow come up with $20k every four years to keep five active. I'm back on the bandwagon to whoring GIAC certs
  • GAngel Member Posts: 708 ■■■■□□□□□□
    dynamik wrote: »
    Hm, I responded last night, but my post didn't go through.

    The renewal is actually every four years: GIAC Information Security Recertification Overview

    However, I didn't know they allowed you to get new course materials on the cheap. I thought you needed to purchase a new course every four years or just take a stab at it. I'm much more inclined to go this route now (even though a single exam recert would be ideal) than I was when I was expecting to have to somehow come up with $20k every four years to keep five active. I'm back on the bandwagon to whoring GIAC certs

    It's $325 to re-cert and if you're re-certifying more than 1 in a year they're $200 each. I THINK.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    GAngel wrote: »
    It's $325 to re-cert and if you're re-certifying more than 1 in a year they're $200 each. I THINK.

    I believe that's accurate. It still doesn't solve the problem of having to sit multiple exams every several years to stay current. A "re-cert one and you're done" policy would be ideal.
  • _Dark_Knight_ Member Posts: 7 ■□□□□□□□□□
    Just passed the SANS GCFW (GIAC Certified Firewall Analyst), got an 89%. About five seconds after passing the exam I got an email from SANS congratulating me on the pass. They've already updated the GCFW portal with my name/number/score. It looks like I'm analyst #3038, one of 1344 GCFW's globally. It was definitely the most challenging exam that I have ever taken and was very heavy on practical application of the material. I'm pretty excited about the pass. Rather than asking you abstract questions about a firewall log, for example, you might be presented with a traffic flow and be asked to describe what's going on.
    Either way, I'm excited about it because hands-on was something I felt the GCFW was dreadfully lacking.
    Not sure I follow ???
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    While the material was heavy on practical application, the exam was multiple choice. Newer exams have virtualized exercises that amount to something like 5-10% of the exam.
  • GAngel Member Posts: 708 ■■■■□□□□□□
    dynamik wrote: »
    While the material was heavy on practical application, the exam was multiple choice. Newer exams have virtualized exercises that amount to something like 5-10% of the exam.

    Mine was 5%. It was just unfortunate they didn't work :)

    Far too simple I found though for the material covered. I want them to bring back the two part exams where you have to do a paper as well. Assuming they knock off some of the price.
  • _Dark_Knight_ Member Posts: 7 ■□□□□□□□□□
    Ahhhhhhh I follow :)
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    GAngel wrote: »
    Mine was 5%. It was just unfortunate they didn't work :)

    Far too simple I found though for the material covered. I want them to bring back the two part exams where you have to do a paper as well. Assuming they knock off some of the price.

    I'll let you know how mine goes. It was scheduled for next Thursday, but I've been writing reports every night while on-site, so I haven't had any time to study. I'm out two weeks after next, so I guess I'll take a stab at it in early March. I also have to do CCNA:S, and my CISSP has been booked for mid-April. Busy busy busy!
  • GAngel Member Posts: 708 ■■■■□□□□□□
    I got the work study offer to do the GCIH in March. Not sure if I'll do it as I've got a ton of other stuff going on but I'm thinking about it. Being so similar to GPEN I'm just not sure.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    From a salary perspective there's no reason not to do the GCIH. It's a lucrative cert and if you can whore out the SANS stuff you're golden. Do you think I have any interest in challenging the GPEN? Heck no. But I'm going to, because I can challenge it for like $800 and tack on another SANS cert. I've even considered the GSEC just to make the GSE a possibility (that is, if Dynamik buys the Linux/Windows courses). I'm not really learning a hell of a lot from these SANS certs but they do validate what I know and that's the point.

    To that point, I actually completed the on-demand material last night. It was very quick to get through because Skoudis is very entertaining and keeps you on track. He's a heck of an instructor. I do like how every single attack vector which gets covered is presented in a way that promotes incident handling. The general format is "High level explanation followed by details about how it works, followed by how to actually do it with specific tools, followed by how to apply incident handling techniques using all of that information." It's an effective way to present the material. I've actually learned how to be a more effective teacher to be honest.

  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Paul Boz wrote: »
    I've even considered the GSEC just to make the GSE a possibility (that is, if Dynamik buys the Linux/Windows courses).

    The GCWN and GCUX are only necessary if you want to skip GSEC. GSEC, GCIA, and GCIH are all you need. That's why I'm planning on the GCIA.

    You also need to be gold in two of the three or you can use other SANS certs as a substitution. Your GCFW and future GPEN will satisfy that requirement. And yes, I have every intention of whoring out gold status as well.
  • GAngel Member Posts: 708 ■■■■□□□□□□
    Good luck to both of you. GSE is a crowning achievement. I turned down the GCIH and think I'll go for all the CISSP concentrations instead. They're more in line with where I think my career will be in 5 years.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    Over the last few days I've completed highlighting all but book 5. Book 6 is the lab manual and I've finished that already anyway. I've tabbed all but book 5 as well. Yesterday I re-did all of the labs up to book 4 and feel confident that I could completely own the lab in roughly zero time flat. The lab book spells out the fact that only a handful of tools are necessary and they're all tools I use in my job anyway. I'm going to finish off highlighting and tabbing book 5 tomorrow then make my tools reference index and take the practice test. Depending on how I perform on that I'm going to schedule out the exam.

    I will say that the password cracking section somewhat disappointed me. The John the Ripper coverage is nice but I dislike that Ed references Cain for password cracking. I prefer Ophcrack for rainbow attacks because it's faster, more lightweight, and supports larger tables. It's good to know that aspect of Cain but there are other, more powerful, functions that don't get covered.

    I can't wait to knock out the GPEN.
    GAngel wrote: »
    Good luck to both of you. GSE is a crowning achievement. I turned down the GCIH and think I'll go for all the CISSP concentrations instead. They're more in line with where I think my career will be in 5 years.

    We're going to do those also.
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Paul Boz wrote: »
    We're going to do those also.

    Yes. They aren't mutually exclusive ;)
  • GAngel Member Posts: 708 ■■■■□□□□□□
    dynamik wrote: »
    Yes. They aren't mutually exclusive ;)

    Oh I know but I'll only have time to get any certs done the rest of this year. It'll take longer than that for me to get the GSE so I'm not going to start and then put it off for 2 years. The CISSP concentrations I can knock out by early next year latest.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    I'm going to be in Biloxi, MS from Monday to Friday so needless to say I'll be getting a ton of study time in. All I have left are a few labs from the end of book 4 and tabbing/indexing book 5. I can do my "tools reference" index in a couple of hours so that's a non issue.

    My real problem? Due to my travel schedule I can't take this test when I want to. I don't have to take it until May 27th but I'd like to take it on the 26th of March when Dynamik is doing the GPEN. It's looking like I'm going to have to take this thing the first week of May, a full month later than I want to do it. That being said, I'd like to get the GSE sooner than later so I'm going to start studying for the GSEC as soon as I'm finished with my GCIH material. I'd really prefer the GPEN over the GSEC but if it's a requirement it's a requirement and there's nothing I can do about that. After the GSEC all I'll need is the GCIA (which Dynamik is buying next year) and one gold paper and I'll be able to qualify for the GSE. I should be able to complete this by April of 2011 assuming Dynamik buys the GCIA first thing next year. I'm still trying to fit the CISSP material in between, which is making for fun times.
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    I'm probably not going to get to take it on my date either since my travel keeps getting jerked around. I need to get on that ASAP though since it expires 4/3

    Looking at the past dates, it looks like the GSE lab is only offered once in the fall, so that seems like a good project for later in 2011. My 2010 schedule is looking brutal, but I'm going to try to get as many miscellaneous things out of the way as possible, so I'll have 2011 to work on that exclusively. I think I'm going to purchase the Wireshark package, to use in prep for that as well. I wonder what other resources really get into the nitty-gritty details that will be necessary for that exam. The Hackers Challenge books are great too.