The steps below detail how to build an index that will help you pass your SANS GIAC exam. SANS Cheat sheets. SEC 505 isn’t on the top of my to-do list but it is on there. I have linked as many as I am aware of below. I don’t know anybody who’s taken the GMON yet but when you register for an exam you’ll receive two practice exams which in my experience have been by far the best indicators of what type of questions the exam has. A large index can be time consuming but is an awfully nice security blanket come test day. Do you know what course you’ll be taking next? Bk just means book since there are six of them. Or did they print and index everything according to a specification you sent over? If something wasn’t a tool or a Windows or Linux command, it went in this section. SEC 504 itself. Final thoughts: that exam would have been a total nightmare without the FOR508 training materials. Remember that your index can include anything. I don’t distribute them because (in addition to the “you’re far better off creating your own” factor) the material is constantly being revised so they would be out of date. It will also likely point out a few areas that could use some extra work. Did you print out every page yourself, provide the tabbed dividers, and bring all of the loose sheets to Kinko’s just for binding? I only used the books from the SEC511 course. Thanks for this post Matt. All stuff you would normally be fine without but after taking the GSEC, CISSP and GISP in a two-three month period my brain now fries early in the test process. In the end I was very familiar with what is where in which book. SANS now gives students the exam index at the back of book #5. Thanks a bunch mate. It was way over my head but I had a great time and learned a ton. I have just registered for the SEC511 course, for which I would also like to take the GMON certification exam.
The difference between having no index and 4 year old books to having current materials and a large index was night and day so I’m sure you’ll nail it. For instance netcat is a tool, but also a command. Also, the GMON is a new certification, thus I have not heard how difficult it is from anyone yet. Step 6: Take practice exams (see below). I’ve got my SANS 560 coming up, first SANS training I’ll be attending, so this is mighty helpful. Thanks 2 weeks a cert. Probably, but I’m so far from being a super genius that I needed all the help I can get. Any examples I made bold. I don't think it is comprehensive enough or a reason not to make an index yourself. Hello, No one book will cover the entire course but there are some great books out there. SANS 504 book index. Thank you for the kind words. You’re allowed to bring any printed material you wish into the exam but the exam questions will be based off content in the courseware books so those will be the ones that you’ll want to reference an overwhelming majority of the time. Index. This means that they don’t understand the concepts, and look up keywords only to run out of time. They often use a large keyword index to “brute force” the test. So that’s what I ended up with, 3 pages. Building an index for SANS is part of the whole experience for me and gives me another opportunity to go over the material. At some times I ended up answering some questions without checking the Index, I actually knew where the stuff was located. All that said I usually get at least one message a week from someone telling me that my example and explanation really helped them with theirs and that is exactly what I was going for. Thank you.
Create a spreadsheet with tabs labeled for each book in the course. SANS Exam Preparation Tips Ben S. Knowles BBST, CISSP, GSEC, GCIH, GCIA, ITIL, LPIC-1 This post is meant solely to help students who have never seen an in-depth index get a feel for how they could design one of their own. Sometimes you won’t like any of your options but you still need to identify the one that the test is looking for. Day (Book), Module, Content, Page. Thanks in advance, Many of their classes include the so called “Cheat Sheets” which are short documents packed with useful commands and information for a specific topic. Then taking a practice test, not for a score, but to validate understanding of the concepts, and the ability to find the details with the index. I 100% agree about needing to read the books and understand them in conjunction with an index. The main section consisted of both items and concepts. Step 5: Edit SANS index at the back of book 5 (see below). In short, 560 covers penetration testing and ethical hacking, while 504 addresses incident handling. I recommend a short table of contents index, in book order, that outlines each concept. Index length is up to you. GIAC exam (obviously, being certified and depending on score eligible to SANS Advisory Board and Mentor Program I will discuss later.) Can you suggest some books in market or other resources for GCFA.
Incident Handling (Definition) Incident Handling Action Plan Initial 1 Initial 2 BK JU 1 1 RA Intellectual I am responsible for getting students through a very intensive that includes 3-5 GIAC certs in about 6-10 weeks. But if you have your first SANS/GIAC exam coming up and feel like you could use a little extra help, I would seriously consider taking the time to make a comprehensive index. The structure of the material in 504 makes it really easy to look stuff up. 1. My index was around 8 pages + I made my own reduced materials … a “book” with most important parts from original book (100 pages). I think they provide an "index" to show a sample of how you could design one. SANS GCIH CERTIFICATION GUIDE: BOOK 504.4: 1. Always keep in mind you are required to give the correct/most correct answer, not the smartest-in-your-opinion one. Good luck!!! The main thing is really to keep cool during the whole exam, and manage your time. You need to get familiar with the books by reading them, then create a basic index, oh and good luck. When someone fails, they always say they ran out of time. I disagree. Thank you for sharing your tips! The exam is tough, but if you study everything in the books, you'll be prepared for the exam. But I did know the material fairly well, I spent close to 80-100 hours reading the books and doing the on-demand video classes (+labs). The most important book to know/index precisely is the 4/5 from SANS FOR508 in my opinion. I haven’t had a chance to read “Network Forensics: Tracking Hackers through Cyberspace” yet but I’ve heard good things from people who do that style of work daily. GCIH already breaks it down. Matt, If you need a 50 page index for a course like this then you’re doing something wrong, like maybe not reading the books beforehand. This is very helpful, Thank you for your time to craft this article.
I just got home from the 408 course down in VA Beach. The process of going through the text to index it really helped implant the knowledge in my brain. You should now have: Read the books. That means knowing the majority of SEC504 content is required because they test randomly on the many subjects available. A bit tongue in cheek? Good GSE prep. NOTE: I am unable to provide copies of this index so please do not ask. I recommend doing a self assessment on each concept. It can be a slow process but a worthwhile one. 2. My books index was 4 pages (220 items, makes more sense), Tools index was 3 pages (115 items). That’s a really tough test and you should be proud. 4. Aren't The Courses Pretty Much the Same? I print everything myself (from Excel), print the coversheet using PowerPoint and then take it to Kinkos where they slap a plastic cover on it and bind it. Tracked down your SANS course tool and software cheat sheets! Index - Tools By Keyword (SANS 504-B) DNS Transfer | nslookup set type=any ls-d...( 2 / 25 ) Dnscat | ports over DNS...( 3 / 7 ) DNSCat2 | Covert Ch trans via DNS...( 5 / 136 ) Thanks in forward. No 3 hole punch needed!!! One thing you will need though, any "**** Sheets" they provide. I’m happy to say that over the weekend I passed (thank you, thank you) and wanted to share my strategy on studying for GIAC certification exams. Don’t put off studying. Seth did create a basic index which was made available to the class. I’ll take a GCIH course just have a question, maybe a fool question in the columns you have one in each pictures called “Bk” what it means “Bk”. This course addresses the latest cutting-edge insidious attack vectors, the "oldie-but-goodie" attacks that are still so prevalent, and everything in between.
I ask myself “Could I explain this to him?”. I followed up with a question on how he formatted his indexes and he offered to have his wife bring one of his when she came into town the next day. I listed the commands, a brief description and sometimes a command line example. A few months after my GCFA exam I got an opportunity to attend a SANS SEC 504 class. Index - Terms By Keyword (SANS 504-B) /dev/kmem | Kernel-Mode Rootkit Linux map of Kernel Memory. I really wanted to prepare for my GCIH exam the right way so while I was at the conference I asked several individuals how they prepared their index. When I’m going through books I think of a guy I know who is kinda tech savvy but not an infosec guy at all. SANS course I can’t afford. If you understand the concept, find the detail with concept index. book Abbr. This is a basic IT course, nothing special or complicated, just lots of it. I started building my own index but my job keeps me very busy and my GCIH exam date is coming very soon. I only took one GIAC exam, and that was the GSEC. Password Guessing: use a valid ID and try a list of passwords, no brute force, slow Page 6 3. Great class!! My index ended up being 31 pages I created plus a few pages I copied (IPv4 breakdown etc. Those exams are costly to take and I would never want anyone using out of date materials that I provided as a guide. Getting a quick look at someone else’s SANS index (even though it was for a different course) really helped me out so here are a few pictures of mine. I rarely take anything other than the courseware books. Conrad and Cole talk about that a lot in the SANS CISSP prep course. Agreed with the sentiment about learning the material rather than trying to ‘brute force’ the exam. The GCFA is a tough exam and one I’m very proud to have passed.
Does the instructor provide you with specific books to study for the certification during the course or do you need to look for the material yourself? I’d love to hear your thoughts on the class as well. I also agree that understanding the material is key. SANS classes are great. Computer security is a field where things change daily. Passed through GCFE at 90% with training books from 2014. It should also be noted that when I took SANS 504, the instructor actually gives links to unvetted SANS 504 indexes by previous students. Gives quick confirmation whenever you have a doubt about a command, tool, plugin… Create your own additional cheatsheets if it can help. I am finishing up SANS 504 On Demand and am preparing to take the GCIH. Hello all... long time reader, first time poster. Same basic strategy of going through every page of the books and creating an index of every topic, every tool etc. Had a question on commands and tools section. By going through all of these practice exams not only will you get a feel for the types of questions which will be asked but since they’re broken down by category it will help you identify which domains you should spend additional time studying. https://www.giac.org/certification/certified-incident-handler-gcih Practice assessments are really nice to grasp this philosophy.
Everyone is screened, selected for my program. Thanks for your tips Matt. In preparation I had 6 SANS books to create the index from. Any tool mentioned in a book went in here. I ended up getting a 94 on my GCIH exam which I was obviously thrilled with and I think the index (both preparation and usage) was a big reason why. At first I thought that was weird but when you look at the sheer volume of information covered in the course it makes sense. An index can’t be a crutch for not understanding the material, just a quick reference for verification. If available, get a keyword index, or create one with details as a study tool. You will often have questions where the correct answer appears as the dumbest/too-simple-to-be-correct one. If you’ve taken a few GIAC tests and have had good results, then by all means keep doing what you’re doing. So whether you used my index system or somebody else’s, let’s recap. Your indexing method is really great!! Most people told me that their indexes were 8-10 pages. On the basic IT course part, basic to one person may very well be advanced to the person sitting next to them. I know things that would seem basic now would have looked like a foreign language when I started down this road two years ago. Just passed GCFA with a nice 85%, never went below 73% but that was still a stressful test. SANS SEC504 (GCIH) was the perfect sequel to the SANS SEC401 (GSEC) course I took over a year ago. They won’t hurt to take in but recent course books combined with a detailed index should be more than sufficient. I went through the course via On Demand from Ed Skoudis and in person from John Strand. People don’t believe you but honestly the process of creating a good index is as important as having the index. After extensive formatting, I used this as the basis for my test index.
Graduates of SANS FOR500: Windows Forensic Analysis are the front-line troops deployed when you need accurate digital forensic, incident response, and media exploitation analysis. Commands Index: 504 - Hacker Tools, Techniques, Exploits, and Incident Response: 2016: Hail Mary (All-in-1 mash up) 504 - Hacker Tools, Techniques, Exploits, and Incident Response: 2016: IR Phases Cheat Sheet: 560 - Network Penetration Testing and Ethical Hacking: 2017: Key Word Index I’ve used Chris Crowley’s script for generating an index for several of them and found it helpful. For example, “503.1”, “503.2 + 503.3”, etc. When I took my GCFA my books were four years out of date so I took in my course books, some cheat sheets (log2timeline etc. At that point you should feel good. Anyway, your post helped me a lot, thank you once again. Could you recommend this method to prepare for the GCFA exam? Putting together a comprehensive index proved to be an incredible time investment but as I was going book by book putting it together I was also learning. This is all to focus, and save valuable time in a test. Is there any way I can get/buy SANS material?? Too bad I can’t attach the index here as an example. They wouldn’t look nearly as nice if I tried to bind it myself. Password Representations are stored hashed or encrypted passwords. Windows = SAM Linux = /etc/shadow 2. I also recommend a short tools index, took cheat sheets, misc for quick wins on answers. I currently am a GSEC, GCFA, GPEN, GSNA, GCIA, GCIH, GCWN, GCCC, CISSP. The best advice I ever heard was from Eric Cole. They say the index should be “not too granular, but not too general” and 2-3 pages total. Index. I had practice tests in the SANS course, practice tests in Conrad’s book, signed up for the cccure practice tests and bought the exam cram practice test book (not their study guide).
Fortunately, the second part of the exam was more practical-oriented and thus I could answer a fair amount of questions without having a single glance at books/cheatsheets. The tool index is huge as it turns any tools based questions into freebies. I like to complete my index and print a rough draft before I take a practice test. Label the first four columns with: “Page”, “Keyword 1”, “Keyword 2”, and “Keyword 3”. I love the side benefit of having it index things across multiple courses. I had to rush on the last part of the exam and never felt comfortable. I found that creating the indexes was an important part of the learning process. The Content didn’t span more than 5 pages worth of info, otherwise it would be too general. Have to sit the GSEC now (401) – your tips will come very useful, thank you again! I’ve also started sticking a few cheat sheets onto the end of all my indexes. How many places do you find nmap in a SANS course? At this point between working full time and trying to get a cert a month I don’t have much time for original research so the biggest way I can contribute is trying to help others pick the course that’s best for them and properly prepare for those tests. These indexes don’t take much time. THC Hydra: Password guessing, dictionary … Even after double exposure from two of the best instructors in the world that third exposure to the material (from the books) really helped solidify a few of the concepts. I go straight into Excel and type in any entries as I go through each book page by page and ask myself if I understand the concept good enough to explain it to someone else. Not at all. Thanks! I passed the exam with a score in the 80s but it was a grueling experience. It was close to 50 pages and had been professionally bound at Kinkos.
Today is a competitive world and the smartest, best, and most qualified get paid a lot of money to work in amazing fields. Thank you very much for posting your ideas. I’m kind of sloppy and would not want to attempt to three-hole punch everything and place into a binder, so a binding from a print shop would probably be best and look better. I promised myself that I would put together an index like that for my GCIH exam. Those cheat sheets from the SIFT kit belong, a page of common ports, a page of hex/binary/decimal etc. As I mentioned in a previous post, I recently took SANS SEC 504 and have since been studying for the accompanying GIAC Certified Incident Handler (GCIH) certification. Index - Terms By Keyword (SANS 504-B) Attack Phase | 3 Phases of an Attack [ 1 / 20 ] Command Shell .vs Terminal | Ctrl Characters are not handled correctly -- Cause Shell Collapse [ 3 / 150 ] Command Shell .vs Terminal Access | General Overview [ 3 / 149 ] Enum Accounts | Enum Syntax [ 2 / 159 ] Enum Accounts | Enum tool - Usage [ 2 / 166 ] With this being my second SANS course and certification, I believe this is the area I improved the most. I’m having a hard time deciding what goes where. I’m working on my SANS 401 index while going back and reviewing the material and I thought my index was going to end up way too big and detailed and be rendered useless but it sounds like I’m on the right track! Agree 100%. type stuff) tacked onto the end in a “misc.” section. Same post test process but you probably won’t have a ton to add. Can't wait to get the books and study hard ... How to Guide for making a SANS / GIAC Index with Pictures | Digital Forensics Tips Every SANS class I’ve ever taken has 100% rewarded the hours I spent studying and making a detailed index. Password Cracking: protect from unauthorized disclosure, modification, removal Page 5-52 a. For the first course, I relied more on SANS index and barely made any edits.
Thus I had to give it a boost. Any tool related questions are usually quick and easy with a solid index. That helps me gauge how much time I need to spend studying that or if I can move onto the next topic. Indexing is definitely a skill that needs to be practiced a few times otherwise you will be creating something pretty useless. Overall I'm not a huge fan of the SANS style brain dump/fire hose approach but if you are going to do it then indexing the text is a great way to reinforce the material. If you know the answer, answer it. The idea of creating your own portable A-Z index makes much more sense for searching (and reinforcing your understanding of) concepts. Common ports, a dec-binary-hex conversion chart etc. I have worked closely with several GSEs, and have established relationships with several SANS course authors. Can you provide any advice on studying for the CISSP? My created content was broken down into two big sections (main and tools) and two small sections (windows commands and Linux commands). Seems like it would go both places, but would be a bit redundant. I feel confident I feel that I have done a pretty good job at indexing my books, but I get nervous about not doing well on the exam. My class had a teaching assistant (also SANS mentor) named Neal Bridges who gave me some slightly different advice. Everyone else I work with has at least 3 GIAC certs. I take that test just like I would the real one and usually add a decent amount to my index after that. Hi Matt, thanks for sharing. Thank you very much for your tips and help. Also, remember you can print up cheat sheets like common ports or anything else and tack them onto the back of your index too. If the answer is no then I need to get myself to the point where I could before I move on. I always use practice exam questions to help me refine my index.
Still doable, but with 3 or 4 times the amount of work required with the SANS books. Made an index you can quickly reference (if it’s over 8 pages you had better have bound and tabbed the index, too!) ), Carrier’s book and two of Harlan’s books. Thanks for the review and suggestive comments on preparing an index for GIAC certifications, preparing to take SEC505 in the upcoming week with a prepared index of around 40 pages. I have a technically savvy friend who isn’t into infosec. I got some great advice recently on creating an index for SANS exams and I wanted to write a blog post to share it with others. In such cases forget you are a technical person, just think framework-process-theory. Harlan Carvey’s books on Windows operating systems and the new “Art of Memory Forensics” book by the Volatility devs are must owns. Quite frankly, I probably spent as much time editing the index as I would have if I created from scratch. I followed GIAC’s advice on how to prepare here: https://www.giac.org/media/exams/prep-guide.pdf Assuming you took the class in person and have the courseware then I'd say the index included in the last book is good enough. Just took and passed the test yesterday. DF400ex Registered Users Posts: 2 April 2012 in GIAC. If they mention a functionality and then listed 7 tools, all 7 tools went into this section. SANS Security Essentials curriculum consists of courses designed to help you gain the knowledge and hands-on skills you need to succeed as a security professional.
If it is something that can be found in a cheat sheet, you have a qw The right length is the one with which you feel comfortable. The tools section is self-explanatory. The index REALLY helped a ton and if I second guessed a question I was able to quickly find the material/detail I needed to find the right answer. One more question: did you find any use of the file system forensics book from Brian Carrier for the exam? Every index I’ve created for a SANS/GIAC exam has had a “tool” section and it has always been worthwhile. SANS Security 504 focuses on incident handling, addressing practical methods for preparing for, detecting, and responding to computer attacks.