If you know the answer, answer it. On the basic IT course part, basic to one person may very well be advanced to the person sitting next to them. I know things that would seem basic now would have looked like a foreign language when I started down this road two years ago. Every index I’ve created for a SANS/GIAC exam has had a “tool” section and it has always been worthwhile. Any examples I made bold. The steps below detail how to build an index that will help you pass your SANS GIAC exam. Could you recommend this method to prepare for the GCFA exam? I have worked closely with several GSEs, and have established relationships with several SANS course authors. They won’t hurt to take in but recent course books combined with a detailed index should be more than sufficient. Thanks in advance, SANS classes are great. 560 is very different from 504. Can you provide any advice on studying for the CISSP? Great points! For example, “503.1”, “503.2 + 503.3”, etc. Hello all... long time reader, first time poster. 4. Create a spreadsheet with tabs labeled for each book in the course. My index was around 8 pages + I made my own reduced materials … a “book” with most important parts from original book (100 pages). Are there tool-specific questions on the exam? But I did know the material fairly well, I spent close to 80-100 hours reading the books and doing the on-demand video classes (+labs). Highlighted important facts, tools, and terms. When I asked Neal how long he thought an index should be he replied “fifty pages” without blinking. You need to get familiar with the books by reading them, then create a basic index, oh and good luck. Indexing is definitely a skill that needs to be practiced a few times otherwise you will be creating something pretty useless. 
If the answer is no then I need to get myself to the point where I could before I move on. When I’m going through books I think of a guy I know who is kinda tech savvy but not an infosec guy at all. Agree 100%. THC Hydra: Password guessing, dictionary … This is very helpful, Thank you for your time to craft this article. I only used the books from the SEC511 course. Make 2 or 3 passes on each book, highlight some stuff etc…. If you need a 50 page index for a course like this then you’re doing something wrong, like maybe not reading the books beforehand. Thanks in forward . My recent indexes have been 8-12 pages of indexed book content then some extras (common ports, tool cheat sheets etc). Thus I had to give it a boost. thank you very much for your tips and help. Or did they print and index everything according to a specification you sent over? It should also be noted that when I took SANS 504, the instructor actually gives links to unvetted SANS 504 indexes by previous students. Step 5: Edit SANS index at the back of book 5 (see below). Common ports, a dec-binary-hex conversion chart etc. I was starting to go through the books and adding their own tabs, but it struck me this isn’t very helpful for finding items, especially under exam conditions. Gcih - sans 504. laughing_man Member Posts: 84 November 2013 in GIAC. NOTE: I am unable to provide copies of this index so please do not ask. If someone would like to share detailed Sans 504 book index please send it to dvd_maxmk (at) yahoo (dot) com. Everyone is screened, selected for my program. I followed up with a question on how he formatted his indexes and he offered to have his wife bring one of his when she came into town the next day. 
Any tool mentioned in a book went in here. The steps below detail how to build an index that will help you pass your SANS GIAC exam. Password Representations are stored hashed or encrypted passwords. Windows = SAM Linux = /etc/shadow 2. For the first course, I relied more on SANS index and barely made any edits. Thanks. GIAC exam (obviously, being certified and depending on score eligible to Sans Advisory Board and Mentor Program I will discuss later.) Today is a competitive world and the smartest, best, and most qualified get paid a lot of money to work in amazing fields. I’m happy to say that over the weekend I passed (thank you, thank you) and wanted to share my strategy on studying for GIAC certification exams.. Don’t put off studying. Hi Matt, thanks for sharing. SANS Cheat sheets. During testing, I recommend: Computer security is a field where things change daily. If you’ve taken a few GIAC tests and have had good results, then by all means keep doing what you’re doing. I just got home from the 408 course down in VA Beach. Overall I'm not a huge fan of the SANS style brain dump/fire hose approach but if you are going to do it then indexing the text is a great way to reinforce the material. I recommend doing a self assessment on each concept. SANS now gives students the exam index at the back of book #5. If something wasn’t a tool or a windows or Linux command, it went in this section. 
The process of going through the text to index it really helped implant the knowledge in my brain. A few months ago I finally decided to go for my GCFA certification. That’s why just grabbing one from someone else won’t help much. DF400ex Registered Users Posts: 2 April 2012 in GIAC. SANS OnDemand is an extremely convenient and flexible solution to take SANS … As I mentioned in a previous post, I recently took SANS SEC 504 and have since been studying for the accompanying GIAC Certified Incident Handler (GCIH) certification. This being my first GIAC exam I would highly recommend doing this for ALL exams and plan to going forward. Incident Handling (Definition) Incident Handling Action Plan Initial 1 Initial 2 BK JU 1 1 RA Intellectual One thing you will need though, any "**** Sheets" they provide. Also, since a lot of the material was new to me my learning went from exposure to concepts to specifics. Assuming you took the class in person and have the courseware then I'd say the index included in the last book is good enough. Index - Tools By Keyword (SANS 504-B) DNS Transfer | nslookup set type=any ls-d...( 2 / 25 ) Dnscat | ports over DNS...( 3 / 7 ) DNSCat2 | Covert Ch trans via DNS...( 5 / 136 ) One of the most important parts of preparing for the CISSP is preparing for the types of questions that they ask and putting yourself into the necessary mindset to pick the “best” answer. To stay on top you must have a strong foundation in the essentials of security. ( 5 / 69 A few months after my GCFA exam I got an opportunity to attend a SANS SEC 504 class. Anyway, your post helped me a lot, thank you once again. Too bad I can’t attach the index here as an example. A large index can be time consuming but is an awfully nice security blanket come test day Do you know what course you’ll be taking next? Your last paragraph made me chuckle. Great class!! 2 weeks a cert. Day (Book), Module, Content, Page. 
Building an index for SANS is part of the whole experience for me and gives me another opportunity to go over the material. SEC 504 is a very popular SANS … Thank you for sharing your tips! The SANS Institute provides some of the best security training in the industry. At some times I ended up answering some questions without checking the Index, I actually knew where the stuff was located. I got some great advice recently on creating an index for SANS exams and I wanted to write a blog post to share it with others. Thank you. In short, 560 covers penetration testing and ethical hacking, while 504 addresses incident handling. This means that they don’t understand the concepts, and look up keywords only to run out of time. I was at 93% after 15 questions but had only answered 20 after 1 hour. This course addresses the latest cutting-edge insidious attack vectors, the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Those cheat sheets from the SIFT kit belong, a page of common ports, a page of hex/binary/decimal etc. Thank you. That’s a really tough test and you should be proud. Also, remember you can print up cheat sheets like common ports or anything else and tack them onto the back of your index too. With this being my second SANS course and certification, I believe this is the area I improved the most. Then taking a practice test, not for a score, but to validate understanding of the concepts, and the ability find the details with the index. I love the side benefit of having it index things across multiple courses. SANS SEC504 (GCIH) was the perfect sequel to the SANS SEC401 (GSEC) course I took over a year ago. I passed the exam with a score in the 80s but it was a grueling experience. Create a spreadsheet with tabs labeled for each book in the course. If it works for you you’re totally on the right track , Pingback: Starting the GSEC - First SANS Course. 
I really wanted to prepare for my GCIH exam the right way so while I was at the conference I asked several individuals how they prepared their index. Sometimes you won’t like any of your options but you still need to identify the one that the test is looking for. Thanks! Studying : GPEN Reading : SANS SEC560 If they mention a functionality and then listed 7 tools, all 7 tools went into this section. To stay on top you must have a strong foundation in the essentials of security. I currently am a GSEC, GCFA, GPEN, GSNA, GCIA, GCIH, GCWN, GCCC, CISSP. 1. Building an index for SANS is part of the whole experience for me and gives me another opportunity to go over the material. I am still using your example to rewrite the one SANS provided. Learn vocabulary, terms, and more with flashcards, games, and other study tools. But if you have your first SANS/GIAC exam coming up and feel like you could use a little extra help, I would seriously consider taking the time to make a comprehensive index. Thank you very much for posting your ideas. Your allowed to bring any printed material you wish into the exam but the exam questions will be based off content in the course ware books so those will be the one’s that you’ll want to reference an overwhelming majority of the time. Putting together a comprehensive index proved to be an incredible time investment but as I was going book by book putting it together I was also learning. I haven’t had a chance to read “Network Forensics: Tracking Hackers through Cyberspace” yet but I’ve heard good things from people who do that style of work daily. I have linked as many as I am aware of below. SEC 505 isn’t on the top of my to-do list but it is on there. I don't think it comprehensive enough or a reason not to make an index yourself. That means knowing the majority of SEC504 content is required because they test randomly on the many subjects available. My index ended up being 31 pages I created plus a few pages I copied (IvP4 breakdown etc. 
SANS 504 book index. You will often have questions where the correct answer appears as the dumbest/too-simple-to-be-correct one. SEC 504 itself. It will also likely point out a few areas that could use some extra work. Your blog helped me a lot. Label the first four columns with: “Page”, “Keyword 1”, “Keyword 2”, and “Keyword 3”. When I took my GCFA my books were four years out of date so I took in my course books, some cheat sheets (log2timeline etc. Even after double exposure from two of the best instructors in the world that third exposure to the material (from the books) really helped solidify a few of the concepts. Quite frankly, i probably spent as much time editing the index than i would have if i created from scratch. I don’t know anybody who’s taken the GMON yet but when you register for an exam you’ll receive two practice exams which in my experience have been by far the best indicators of what type of questions the exam has. Tracked down your SANS course tool and software cheat sheets! Seth did create a basic index which was made available to the class. I just take five different colored index cards, fold them in half, and make an index per book. Step 5: Edit SANS index at the back of book 5 (see below). SANS Security Essentials curriculum consists of courses designed to help you gain the knowledge and hands-on skills you need to succeed as a security professional. I go straight into excel and type in any entries as I go through each book page by page and ask myself if I understand the concept good enough to explain it to someone else. Same post test process but you probably won’t have a ton to add. I’ve never had an issue with that on the SANS test but that was huge for me with the CISSP since sometimes I disagreed with all four options. It would take longer to modify than it would to make one from scratch. The tools section is self-explanatory. When I hit a topic while making my index I always ask myself “could I explain this topic to him?”. 
It was close to 50 pages and had been professionally bound at Kinkos. https://www.giac.org/certification/certified-incident-handler-gcih No 3 hole punch needed!!! Thanks buddy I had to move the test to July but this gives me some time to tune my indexes. I take that test just like I would the real one and usually add a decent amount to my index after that. Also, the GMON is a new certification, thus I have not heard how difficult it is from anyone yet. I ended up getting a 94 on my GCIH exam which I was obviously thrilled with and I think the index (both preparation and usage) was a big reason why. SEC504 was my second class (behind CISSP prep) and it was an excellent class. Aren't The Courses Pretty Much the Same? The next day he showed me a copy of his GSEC index and I was impressed. Fortunately, the second part of the exam was more practical-oriented and thus I could answer a fair amount of questions without having a single glance at books/cheatsheets. They often use a large keyword index to “brute force” the test. Computer security is a field where things change daily. Thanks man I appreciate you being honest about how you prepared. I like to complete my index and print a rough draft before I take a practice test. The exam is tough, but if you study everything in the books, you'll be prepared for the exam. I’ve also started sticking a few cheat sheets onto the end of all my indexes. I disagree. That helps me gauge how much time I need to spend studying that or if I can move onto the next topic. Password Guessing: use a valid ID and try a list of passwords, no brute force, slow Page 6 3. 
Password Cracking: protect from unauthorized disclosure, modification, removal Page 5-52 a. This post is meant solely to help students who have never seen an in-depth index get a feel for how they could design one of their own. The structure of the material in 504 makes it really easy to look stuff up. Index - Terms By Keyword (SANS 504-B) Attack Phase | 3 Phases of an Attack [ 1 / 20 ] Command Shell .vs Terminal | Ctrl Characters are not handled correctly -- Cause Shell Collapse [ 3 / 150 ] Command Shell .vs Terminal Access | General Overview [ 3 / 149 ] Enum Accounts | Enum Syntax [ 2 / 159 ] Enum Accounts | Enum tool - Usage [ 2 / 166 ] At this point between working full time and trying to get a cert a month I don’t have much time for original research so the biggest way I can contribute is trying to help others pick the course that’s best for them and properly prepare for those tests. I’m kind of sloppy and would not want to attempt to three-hole punch everything and place into a binder, so a binding from a print shop would probably be best and look better. SANS Security 504 focuses on incident handling, addressing practical methods for preparing for detecting and responding to computer attacks. Not at all. I think they provide an "index" to show a sample of how you could design one. type stuff) tacked onto the end in a “misc.” section. Everyone else I work with has at least 3 GIAC certs. These indexes don’t take much time. This is a basic IT course, nothing special or complicated, just lots of it. In preparation I had 6 SANS books to create the index from. For example, “503.1”, “503.2 + 503.3”, etc. 
Any tool related questions are usually quick and easy with a solid index. I’ve used Chris Crowley’s script for generating an index for several of them and found it helpful. Index - Terms By Keyword (SANS 504-B) /dev/kmem | Kernel-Mode Rootkit Linux map of Kernel Memory. I had to rush on the last part of the exam and never felt comfortable. Many of their classes include the so called “Cheat Sheets” which are short documents packed with useful commands and information for a specific topic. How did you handle that sort of thing? Voltaire is a web-based indexing tool for GIAC certification examinations. I am an infosec professional, instructor, writer, SANS mentor. Step 6: Take practice exams (see below). Please let me know! I listed the commands, a brief description and sometimes a command line example. Harlan Carvey’s books on Windows operating systems and the new “Art of Memory Forensics” book by the Volatility devs are must owns. I really wanted to prepare for my GCIH exam the right way so while I was at the conference I asked several individuals how they prepared their index. peter. Just took and passed the test yesterday. I’m glad you found it helpful . It isn’t what I would consider “complete” but it is a great starting point. The idea of creating your own portable A-Z index makes much more sense for searching (and reinforcing your understanding of) concepts. A few months after my GCFA exam I got an opportunity to attend a SANS SEC 504 class. The main section consisted of both items and concepts. The main thing is really to keep cool during the whole exam, and manage your time. I don't think it comprehensive enough or a reason not to make an index yourself. I took the SANS FOR 508 Computer Forensics course in 2008. It worked great for me, I looked up many (probably more than half) answers in the books during the exam, mostly for verification. 
In similar fashion you cover one book per day, but the books are only “yay” thick (a welcome reduction compared to 401): Let me give you 5 reasons why this course is a must-do for any security professional. Have to sit the GSEC now (401) – your tips will come very useful, thank you again! People don’t believe you but honestly the process of creating a good index is as important as having the index. SEC 504 itself. I ended up with close to 28-30 pages, but I know I missed quite a bit of the tools that were discussed in it since that was brought to my attention 2 weeks before my exam that I should do it. SEC 504 is a very popular SANS … I’m working on my SANS 401 index while going back and reviewing the material and I thought my index was going to end up way too big and detailed and be rendered useless but it sounds like I’m on the right track! Are you ready to crush the Hacker Tools, Techniques, Exploits and Incident Handling and get certified? I am finishing up SANS 504 On Demand and am preparing to take the GCIH. Step 6: Take practice exams (see below). I have a technically savvy friend who isn’t into infosec. 2. Label the first four columns with: “Page”, “Keyword 1”, “Keyword 2”, and “Keyword 3”. This video will outline many of the features and benefits of SANS OnDemand, our battle-tested online platform that offers 4 months of anytime, anywhere access. I followed GIAC’s advice on how to prepare here: https://www.giac.org/media/exams/prep-guide.pdf The difference between having no index and 4 year old books to having current materials and a large index was night and day so I’m sure you’ll nail it. GCIH already breaks it down. SANS Exam Preparation Tips Ben S. Knowles BBST, CISSP, GSEC, GCIH, GCIA, ITIL, LPIC-1 I print everything myself (from excel), print the coversheet using powerpoint and then take it to kinkos where they slap a plastic cover on it and bind it. 
Wish I could upvote or like I have 40 days to go for GCFA and have lot of things to do, Do you index using excel directly or use paper pen then turn it into digital ?? Thank you for the kind words. My class had a teaching assistant (also SANS mentor) named Neal Bridges who gave me some slightly different advice. The best advice I ever heard was from Eric Cole. Did you print out every page yourself, provide the tabbed dividers, and bring all of the loose sheets to Kinko’s just for binding? Final thoughts : that exam would have been a total nightmare without the FOR508 training materials. With this I went through materials around 3 times and I was able to quickly go through everything very fast just because of “my book”. I recommend a short table of contents index, in book order, that outlines each concept. All that said I usually get at least one message a week from someone telling me that my example and explanation really helped them with theirs and that is exactly what I was going for. My index had the following columns: I did this exact same thing for my 504 class! It should also be noted that when I took SANS 504, the instructor actually gives links to unvetted SANS 504 indexes by previous students. Seems like it would go both places, but would be a bit redundant. They say the index should be “not too granular, but not too general” and 2-3 pages total. I ask myself “Could I explain this to him?”. So whether you used my index system or somebody else’s, let’s recap. I had practice tests in the SANS course, practice tests in Conrad’s book, signed up for the cccure practice tests and bought the exam cram practice test book (not their study guide). SANS course I can’t afford. 
Will post back with any input I can following the challenge. By going through all of these practice exams not only will you get a feel for the types of questions which will be asked but since they’re broken down by category it will help you identify which domains you should spend additional time studying. In the end I was very familiar with what is where in which book. Time consuming but it will make your test day a lot more enjoyable . The tool index is huge as it turns any tools based questions into freebies. At first I thought that was weird but when you look at the sheer volume of information covered in the course it makes sense. Conrad and Cole talk about that a lot in the SANS CISSP prep course. I also agree that understanding the material is key. After extensive formatting, I used this as the basis for my test index. I don’t think it would be possible to complete an exam if you were looking up each question. If available, get a keyword index, or create one with details as a study tool. The windows commands and Linux commands are also self-explanatory. And as mentioned, with the certification attempt, you’ll receive two practice tests to gauge your readiness for the real thing. I feel confident I feel that I have done a pretty good job at indexing my books, but I get nervous about not doing well on the exam. I’ll be taking the GCIH soon and need to prepare an index.
2020 sans 504 index