.

SANS Course Suggestion

<<

DragonGorge

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Wed Feb 08, 2012 6:30 pm

Post Thu Dec 05, 2013 12:27 pm

SANS Course Suggestion

Looking for suggestions on SANS training. Right now I have my eye on 3 courses:

SEC542: Web App Penetration Testing and Ethical Hacking
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
SEC760: Advanced Exploit Development for Penetration Testers

I've heard good things about all of them. One of the differences I see between SANS and Offsec is the latter seems to lean more toward testing than training while the former is the opposite.

SEC542 - I see this as an opportunity to pick up some fundamentals that I didn't get in OSCP and fill out the knowledge I did get. My concern is with the age of this course and that some of the material/techniques might be dated or too much review when compared to OSCP.

FOR610 - Again, a chance to expand on my IDA, assembly, reverse engineering. Less concerned with datedness as I think the techniques don't change as much.

SEC760 - In some ways, this course looks the most intriguing to me but my concern lies in the fact that a) it's listed as a beta course and b) I might not be ready for it. I've always been a bit leery about taking new courses since they often have bugs/growing pains. Add to that, my only experience with exploit writing has been with Windows XP/7 and only on 32 bit systems and nothing kernel-based. This course would be the hardest (obviously) and require the most research beforehand. I only got about half of the quiz questions.

Anyway, appreciate any input.
<<

jrdoty

User avatar

Newbie
Newbie

Posts: 18

Joined: Sun Dec 09, 2012 8:43 pm

Post Fri Dec 06, 2013 6:16 pm

Re: SANS Course Suggestion

Can't speak for SEC542 or 760.

I've taken FOR610. If you're primarily a pen tester then I don't think you'll enjoy it. The FOR610 class only has one day which is actually code reverse engineering. The rest of the course is an overall approach to malware analysis. PDF, Doc, excel, memory analysis, basic static and behavior analysis. That's the majority of the course.

My job is in malware analysis. The course was great for me but I felt like it lacked a little bit in code reverse engineering. I'm been going through books like Practical Malware Analysis and the ELS course to get better at that part.

So in conclusion. If you want to analyze Malware then FOR610 is great. If want to be an IDA pro expert for other reverse engineering aspects like exploit dev. it's not the course for you.
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Dec 08, 2013 2:17 pm

Re: SANS Course Suggestion

It sounds like you have a significant gap from where you currently are to where you need to be to get the most out of 760. Is there a reason you're not considering taking 660 first? That course will get you up to speed. Most, if not all, of that quiz is based on 660 material.

Also, I've heard more experienced people say that 542 is kind of light, so you may be better off going for the advanced web app course. It's probably good for people with little-to-no web app experience, but if I was going to drop that kind of money on a course, I'd use a book like WAHH2 to cover the basic/intermediate material and then use the course for the advanced material.

I don't have any experience with 610, but it looks like jrdoty covered that well :)
The day you stop learning is the day you start becoming obsolete.
<<

DragonGorge

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Wed Feb 08, 2012 6:30 pm

Post Tue Dec 10, 2013 5:31 pm

Re: SANS Course Suggestion

dynamik - I should have mentioned that I'm going to the live courses. 660, for whatever reason, isn't being offered this time around. Same goes for the advanced web app. In your opinion is 760 at/above/below OSCE? From the course description it seems like it's above (don't recall 64 bit anything in the latter).

Sooooooo, looks like I'm going with the forensics class.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Dec 10, 2013 9:07 pm

Re: SANS Course Suggestion

For the 542 just go with WAHH2.
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Dec 12, 2013 6:46 pm

Re: SANS Course Suggestion

760 is way above OSCE. AWE/OSEE would be more comparable, but 760 also gets into Linux material, patch diffing, etc. which is not covered in AWE/OSEE.

Steve teaches both 660 and 760, so it makes sense they wouldn't be offered together live. I'm not sure if anyone else teaches those.
The day you stop learning is the day you start becoming obsolete.

Return to General Certification

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software