GWAPT passed…

    • #7507
      docrice
      Participant

      I made it through my fifth GIAC exam today and barely made it over the 90% score line.  I was stressing quite a bit before I sat down in front of the exam terminal and mentally cleared my mind for the inevitable fail.  It was a good exam with some quality analysis questions (and a few really lame ones).

      I’m not aspiring to be a pentester and I don’t think 542 will help someone go from zero to pro overnight.  It does provide good starting foundations though and there was broad coverage on different subject areas and lots of tools.  I’d guess that doing PWB would be more “fun,” but 542 was a good experience nonetheless.  Kevin Johnson brought it all together quite well.

      So that said, I have a spare GWAPT practice exam for someone who has never taken a GIAC practice (or real) exam before.  I know SANS courses and GIAC certification attempts aren’t cheap, so instead of passing it to someone in the SANS Advisory Board or another forum where I’ve given away practice tests before, I figure I’d give someone here a shot at it.  So for a little fun, here are the rules:

      • You have never taken a GIAC exam before (I’m relying on your sense of honor here).
      • You must send your request to my email address encrypted with my GPG key.
      • Determine the OS and its version that my website is running on.
      • Determine the RFC1918 address space the server is sitting in.

      I’m not inviting a pentest or simulated / real attack, just merely a casual scan and guess-work with your favorite interception proxy (if that’s how you roll).  No exploits allowed, thank you very much.  I haven’t patched in seven years (…just kidding).  If you can’t find the answers, just pat yourself on the back for trying (not as if I could do any better) and email me your encrypted request.

    • #46830
      unicityd
      Participant

      Congratulations on the pass.  You say you’re not aspiring to be a pentester, so…what is your goal?  Just curious.

    • #46831
      docrice
      Participant

      I work on the blue team side and my web app mindset was pretty much nonexistent before I took 542.  At work I’m quite often faced with looking at web traffic and configuring various infrastructure devices, so I needed something that would help me get up to speed with how web-based attacks work.  Before the course I had some vague notions of what SOAP was or what a Python script might have looked like.  I have a slightly better idea now, and every little bit helps.

    • #46832
      Anonymous
      Participant

      Congrats 🙂

    • #46833
      dynamik
      Participant

      Congratulations, Kimi! When are you scheduling that GSE written exam? 😉

      Have you gone through the Web App Hackers Handbook (2nd)? If so, how did you feel it compared to the course? I’m thinking about challenging this one and would be interested in any recommendations for supplementary material outside of the course.

    • #46834
      sil
      Participant

      @docrice wrote:

      I work on the blue team side

      Why don’t you just knock GCED out of the way.

    • #46835
      hayabusa
      Participant

      @docrice

      If you’re looking to part with the practice exam, I might be interested.  One of these days, I figured on at least attempting the exam, so I wouldn’t mind seeing what’s in the practice exam.

    • #46836
      alucian
      Participant

      Congrats!

      And nice of you giving the practice exam!

    • #46837
      knwminus
      Participant

      Congrats man! You certainly are destroying the GIAC exams. I am curious about your GSE date as well. You seem to have all of the required prereqs.

      Also for those of us who would self study, do you have a suggested book list?

    • #46838
      docrice
      Participant

      @ajohnson wrote:

      When are you scheduling that GSE written exam? 😉

      Maybe in a few years if I haven’t gone insane from all this studying?

      @ajohnson wrote:

      Have you gone through the Web App Hackers Handbook (2nd)? If so, how did you feel it compared to the course? I’m thinking about challenging this one and would be interested in any recommendations for supplementary material outside of the course.

      I actually just ordered WAHH and it’s on my long back-logged to-read list.  I figure I’ll need additional reinforcement of the subject matter as well as a different perspective / author’s voice.

      @sil wrote:

      Why don’t you just knock GCED out of the way.

      The GAWN and GPEN look more interesting, although I could certainly gain something from taking 501.  The problem is that the latter looks very much like another generalist course, similar to 401 and getting the GSEC.  I’ve always found the more specialized classes more interesting.

      @hayabusa wrote:

      If you’re looking to part with the practice exam, I might be interested.

      I await your email message, per the rules above.

      @knwminus wrote:

      Also for those of us who would self study, do you have a suggested book list?

      After going through (I think) seven GIAC courses at this point, my general impression is that while one can certainly self-study the subjects and challenge GIAC exams directly, there are some things that the exams cover for which the information is well-noted in a specific SANS course.

      Another way to put it is that since GIAC exams are pretty much based on the corresponding SANS material, you have a tactical home advantage with the SANS books in-hand.  There’s some “specialized knowledge” in those books which may not be directly available in the pages at the bookstore, although at the same time it’s not proprietary stuff either.  It’s just that SANS packages a lot of things together and GIAC’s coverage tends to be based on it.

      I’ve never directly challenged GIAC exams without having taken the relevant class first, although with some studying on the wireless side I could probably pass a GAWN attempt.  I very much enjoy the challenge of scoring above 90% (which I’ve been lucky to accomplish on all my GIAC attempts so far) so taking the course fulfills a gap which I think is more important than attaining the title, although it also helps pad my resume with more somewhat-useless alphabet.  That’s a rant I’ll save for another day.

      We’re fortunate enough to live in times where infosec books are aplenty.  Instead of chasing more acronyms, I think I’d gain more right now by reading non-certification books and applying the knowledge into actual practice.

    • #46839
      hayabusa
      Participant

      LOL…  Somehow, I skimmed right past the rules above.  🙂

      I don’t qualify, based on ‘never having taken a GIAC exam.’  Save it for another who needs it, and good of you to offer it up for someone.

    • #46840
      dynamik
      Participant

      @docrice wrote:

      Maybe in a few years if I haven’t gone insane from all this studying?

      Lame 😉

      @docrice wrote:

      The GAWN and GPEN look more interesting, although I could certainly gain something from taking 501.  The problem is that the latter looks very much like another generalist course, similar to 401 and getting the GSEC.  I’ve always found the more specialized classes more interesting.

      I’ve actually seen the majority of the material because I’ve written some questions for the exam, and GCED is pretty serious. They actually don’t even allow it to be challenged because they feel there’s too much detailed information in the course material. I asked for an exception because I can’t take it for two years after writing questions for it, but no dice…

      @hayabusa wrote:

      LOL…  Somehow, I skimmed right past the rules above.   🙂

      I was thinking about calling you out on that, but I figured it was just OSCE brain-fry 🙂

    • #46841
      hayabusa
      Participant

      @ajohnson wrote:

      I was thinking about calling you out on that, but I figured it was just OSCE brain-fry 🙂

        Yep, it was.  (That AND the added stress, now, of prepping to move, in 7 weeks, from Ohio to Texas…)  But it’s all good!

    • #46842
      Xorcist
      Participant

      Congrats dude..

      Me too cleared GWAPT last month and was very happy about it.
      I felt I have shelled out a bomb to SANS for sec542. I now wanted to take GPEN. Can anyone suggest me the right course to take for taking this certification? Please do not point me to SANS again.

    • #46843
      DWH
      Participant

      Hi All,
      I am willing to go for GIAC GWAPT exam and I am searching about free practice exams. Can anyone help?
      If there are no fee exams, can anyone help about test king or something like that to practice?
      Appreciate your response.

    • #46844
      Jamie.R
      Participant

      Well done !!


Copyright ©2020 Caendra, Inc.
