Someone posted this on the SANS Advisory Board list and I thought it was classic:

http://www.youtube.com/watch?v=F7pYHN9iC9I

I guess in some ways it's supposed to be one of the more difficult SANS offerings since it's a 600-series, but that said I already had some experience looking at wireless captures, working with 802.1X, etc., so not getting at least a 90% on the exam is pretty lame, although I came close.  I got my OWSP a while back so you'd figure I'd have some decent base to work off of, but I think it's my general lack of immediate interest in DECT and ZigBee that got the better of me.

I spent an entire quarter going through SEC-617 (OnDemand) but the work schedule didn't really permit me to keep my head in the game.  I don't have a good excuse other than that.

But I can go back to work and have a better approach on doing a more complete wireless assessment than I would have if I didn't take 617.  That said, there's a lot of parallels between Hacking Exposed: Wireless and 617, obviously due to the author being the same.

I recently passed the GAWN exam (with a score that's lower than what I had hoped for, but oh well...).  I have one unused practice exam left which expires 4/25/13.  Normally I offer these away on another forum but since there's not much interest over there, I figure someone here would want it.

Usually I put up a small quiz or challenge question for it, but I'm too tired right now to come up with ideas.  Suggestions?  Or if there's enough interest I can just randomly choose.

I passed the GWAPT last year and I'm not a developer (far from it, actually, as I work on network infrastructure security for a living).  SANS SEC-542 will teach you to recognize JavaScript / Python / PHP basics and the material doesn't require you to know how to code.  I think the mindset helps, but if I can get through the course and manage to pass the GWAPT exam, you should be able to as well.

In the real-world, doing web app pentesting might practically require that you understand these areas much better, but SEC-542 is not what I'd consider a really advanced web app pentesting course.

It's hard to say whether you'd benefit from 503 enough to justify the cost or not.  The first couple of days does get into the "bits and pieces" if you will about packet headers, interpreting the hex dumps, normal / abnormal traffic patterns, traditional evasion tactics, etc..  It certainly instills a strong mindset and approach, but I think in today's world the bulk of the attacks require a broader analysis of traffic payloads and associated traffic streams in their entirety (the NSM approach).

For a dedicated IDS class, I think there's nothing more hardcore than 503.  Even Sourcefire's product courses as well as their Snort class doesn't go as much in-depth in a vendor-neutral way (and I've taken their 3D System and Snort Rules Writing courses).  That said, 503 doesn't teach you everything.  Being good at it comes with practice, lots of analysis time, and the wisdom gained through experience.

When I took 503 a while back, there was very little IPv6 coverage.  That might have changed by now.  I'd email the course authors (Mike Poor, Judy Novak) and see what they have to say given your experience level.  503 is personally one of my favorite SANS courses that I've gone through.  Lots of war stories, and if Mike Poor is teaching, pretty entertaining.

I posted a review on another forum regarding 503 a while back.  Google up "GCIA passed" and you should see it.  I felt it was a great course, but what you'll get out of it depends on what you already know about TCP/IP fundamentals as well.

TCP/IP Weapons School by Richard Bejtlich is also a good supplemental course.  I've posted a review for it on the same site.

SANS 558 also seems pretty cool, although I've haven't taken it.

From what I've seen of infosec job trends, the vast majority of technical "security" jobs seem to fall into the traditional infrastructure categories such as network security, systems security, etc..  Forensics and penetration testing are still rather niche areas, but with the way things are going I'd assume that'll open up eventually.

I predict that as the years come, there will be an expansion of these once extremely-specialized subject areas in terms of open positions.  And with the lack of existing talent to fill them, there will be a tendency to accept candidates with less experience or perhaps even no experience specific to that task but who show lots of aptitude and willingness to learn.

But grain of salt there.  I'm bad at rolling the dice in the stock market.  I can't offer much more advice since I don't work in these areas or know a lot of people who do.

Also check the GIAC listings:

http://www.giac.org/certified-professionals/job-listings

There might also be issues with your resume that you're not recognizing.  On other forums, some people post their (sanitized) CV for others to critique.

Vendor training sometimes come with the corporate appliance package purchase.  My company is spotting me for Black Hat trainings this year (never done anything at Black Hat other than the Briefings).  Otherwise I generally have to fund my own continuing education, requiring heavy sacrifice in other areas of life...

...which explains why my bank account is looking so lean these days.  It's like walking into a dark empty closet and hearing water dripping somewhere.

On the other hand, I work at an infosec company.  Expectations are pretty high.  If I screw up, I get awarded some walking papers.  The expensive self-investment is necessary to increase the chances of employment survival.

...What is this "social life" you speak of?

I signed up for the Python course already.  Udacity looks interesting.  My head is going to explode.  I have a long list of projects at work.  Not ... enough ... time.

There's too much cake.

This sounds pretty slick, and I could definitely use some basic Python knowledge (and preferably not from a book).  I haven't read a lot of reviews yet on SecurityTube's offerings, but I might have to sign up for this.  I like the model of "lifetime access" which is pretty nice.  The certification is optional for me, but I may attempt it if time allows.

I'm not sure how ready I am for yet more training.  I'm doing vendor training this week, I have another once next months, and I'm taking two classes at Black Hat.  My brain hurts.  Why do I keep doing this to myself...

Maybe in a few years if I haven't gone insane from all this studying?


I actually just ordered WAHH and it's on my long back-logged to-read list.  I figure I'll need additional reinforcement of the subject matter as well as a different perspective / author's voice.


The GAWN and GPEN look more interesting, although I could certainly gain something from taking 501.  The problem is that the latter looks very much like another generalist course, similar to 401 and getting the GSEC.  I've always found the more specialized classes more interesting.


I await your email message, per the rules above.


After going through (I think) seven GIAC courses at this point, my general impression is that while one can certainly self-study the subjects and challenge GIAC exams directly, there are some things that the exams cover for which the information is well-noted in a specific SANS course.

Another way to put it is that since GIAC exams are pretty much based on the corresponding SANS material, you have a tactical home advantage with the SANS books in-hand.  There's some "specialized knowledge" in those books which may not be directly available in the pages at the bookstore, although at the same time it's not proprietary stuff either.  It's just that SANS packages a lot of things together and GIAC's coverage tends to be based on it.

I've never directly challenged GIAC exams without haven taken the relevant class first, although with some studying on the wireless side I could probably pass a GAWN attempt.  I very much enjoy the challenge of scoring above 90% (which I've been lucky to accomplish on all my GIAC attempts so far) so taking the course fulfills a gap which I think is more important that attaining the title, although it also helps pad my resume with more somewhat-useless alphabet.  That's a rant I'll save for another day.

We're fortunate enough to live in times where infosec books are a plenty.  Instead of chasing more acronyms, I think I'd gain more right now by reading non-certification books and applying the knowledge into actual practice.

I work on the blue team side and my web app mindset was pretty much nonexistent before I took 542.  At work I'm quite often faced with looking at web traffic and configuring various infrastructure devices, so I needed something that would help me get up to speed with how web-based attacks work.  Before the course I had some vague notions of what SOAP was or what a Python script might have looked like.  I have a slightly better idea now, and every little bit helps.

I made it through my fifth GIAC exam today and barely made it over the 90% score line.  I was stressing quite a bit before I sat down in front of the exam terminal and mentally cleared my mind for the inevitable fail.  It was a good exam with some quality analysis questions (and a few really lame ones).

I'm not aspiring to be a pentester and I don't think 542 will help someone go from zero to pro overnight.  It does provide good starting foundations though and there was broad coverage on different subject areas and lots of tools.  I'd guess that doing PWB would be more "fun," but 542 was a good experience nonetheless.  Kevin Johnson brought it all together quite well.

So that said, I have a spare GWAPT practice exam for someone who has never taken a GIAC practice (or real) exam before.  I know SANS courses and GIAC certification attempts aren't cheap, so instead of passing it to someone in the SANS Advisory Board or another forum where I've given away practice tests before, I figure I'd give someone here a shot at it.  So for a little fun, here are the rules:

• You have never taken a GIAC exam before (I'm relying on your sense of honor here).
• You must send your request to my email address encrypted with my GPG key.
• Determine the OS and its version that my website is running on.
• Determine the RFC1918 address space the server is sitting in.

I'm not inviting a pentest or simulated / real attack, just merely a casual scan and guess-work with your favorite interception proxy (if that's how you roll).  No exploits allowed, thank you very much.  I haven't patched in seven years (...just kidding).  If you can't find the answers, just pat yourself on the back for trying (not as if I could do any better) and email me your encrypted request.

When I did the OSWP exam some years back my SSH sessions kept dropping, but perhaps because I had a two or more concurrent sessions and I think there was some latency in my connection.  I think "doing" the attacks isn't what consumes time, but rather the documentation.  One of the most fun exams I've ever taken though with that thrill-of-the-hunt.

I got a copy of the updated course when it was released, but I haven't gone through it yet.  That said, I'm of the impression there's no coverage on 802.1X attacks.  I would really welcome that since it'd make the course much more applicable to enterprise networks.