December 5, 2013 at 5:27 pm #8628 DragonGorge (Participant)
Looking for suggestions on SANS training. Right now I have my eye on 3 courses:
SEC542: Web App Penetration Testing and Ethical Hacking
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
SEC760: Advanced Exploit Development for Penetration Testers
I’ve heard good things about all of them. One of the differences I see between SANS and Offsec is the latter seems to lean more toward testing than training while the former is the opposite.
SEC542 – I see this as an opportunity to pick up some fundamentals that I didn’t get in OSCP and fill out the knowledge I did get. My concern is with the age of this course and that some of the material/techniques might be dated or too much review when compared to OSCP.
FOR610 – Again, a chance to expand on my IDA, assembly, reverse engineering. Less concerned with datedness as I think the techniques don’t change as much.
SEC760 – In some ways, this course looks the most intriguing to me but my concern lies in the fact that a) it’s listed as a beta course and b) I might not be ready for it. I’ve always been a bit leery about taking new courses since they often have bugs/growing pains. Add to that, my only experience with exploit writing has been with Windows XP/7 and only on 32 bit systems and nothing kernel-based. This course would be the hardest (obviously) and require the most research beforehand. I only got about half of the quiz questions.
Anyway, appreciate any input.
December 6, 2013 at 11:16 pm #53688 jrdoty (Participant)
Can’t speak for SEC542 or 760.
I’ve taken FOR610. If you’re primarily a pen tester then I don’t think you’ll enjoy it. The FOR610 class only has one day which is actually code reverse engineering. The rest of the course is an overall approach to malware analysis. PDF, Doc, Excel, memory analysis, basic static and behavior analysis. That’s the majority of the course.
My job is in malware analysis. The course was great for me but I felt like it lacked a little bit in code reverse engineering. I’ve been going through books like Practical Malware Analysis and the ELS course to get better at that part.
So, in conclusion: if you want to analyze malware, then FOR610 is great. If you want to be an IDA Pro expert for other reverse engineering aspects like exploit dev, it’s not the course for you.
December 8, 2013 at 7:17 pm #53689 dynamik (Participant)
It sounds like you have a significant gap from where you currently are to where you need to be to get the most out of 760. Is there a reason you’re not considering taking 660 first? That course will get you up to speed. Most, if not all, of that quiz is based on 660 material.
Also, I’ve heard more experienced people say that 542 is kind of light, so you may be better off going for the advanced web app course. It’s probably good for people with little-to-no web app experience, but if I was going to drop that kind of money on a course, I’d use a book like WAHH2 to cover the basic/intermediate material and then use the course for the advanced material.
I don’t have any experience with 610, but it looks like jrdoty covered that well 🙂
December 10, 2013 at 10:31 pm #53690 DragonGorge (Participant)
dynamik – I should have mentioned that I’m going to the live courses. 660, for whatever reason, isn’t being offered this time around. Same goes for the advanced web app. In your opinion is 760 at/above/below OSCE? From the course description it seems like it’s above (don’t recall 64 bit anything in the latter).
Sooooooo, looks like I’m going with the forensics class.
December 11, 2013 at 2:07 am #53691 Dark_Knight (Participant)
For the 542 just go with WAHH2.
December 12, 2013 at 11:46 pm #53692 dynamik (Participant)
760 is way above OSCE. AWE/OSEE would be more comparable, but 760 also gets into Linux material, patch diffing, etc. which is not covered in AWE/OSEE.
Steve teaches both 660 and 760, so it makes sense they wouldn’t be offered together live. I’m not sure if anyone else teaches those.