I just wanted to post my breakdown of the SANS work-study program. My track was for the GSEC, but the workload is similar for all classes. The link to apply:
Duration: 7 days
Hours: 7am-9pm avg
Included: Class, test, online training
5 out of 5 Stars
Another day dawns, and I'm back home with my family after a rigorous week in Vegas for SANS Security Essentials.
I have to say it was one of the most fun infosec experiences I have had.
Beers with Ed Skoudis, riding a Segway 15 mph down the hallways of the Rio with Mike Poor, and 6 days of sponging up GSEC material with James Tarala. Not to mention a great camaraderie with fellow facilitators Ray and George.
Sunday - Day one was setup. Boxes and boxes of books unpacked, conference material sorted, attendees registered, etc. Most of the heavy lifting was done this day, as well as scrambling to keep attendees as happy as possible. One thing that I didn't expect was the actual level of service SANS offers their students. It’s amazing. They really go out of their way to make the high cost of the conference worth it. And it is. This day set the tone for the actual hours of work, 6am-9:30pm on average if you facilitated the SANS@Night lectures, which of course I didn’t want to miss!
Monday - Day two was the first day of class. Getting students to be where they should be, handouts, basic teacher's aide stuff. Day two is where you also see any abnormalities with equipment or courseware, and you end up ferrying books and such back and forth. GSEC day one is Network Fundamentals for Information Security; everything from topology, to switching, routing, VoIP architecture, packet analysis, IPv6, IPsec, and physical security. Having been in IT but never a high-powered consultant, getting James’ input in all the areas was an eye opener. Not to mention I sat next to 4 FBI cybercrime investigators and behind two DOD agents, which was cool and intimidating at the same time. Lucky for me they were all really nice individuals.
Tuesday – Day two was the first of the really cool SANS@Night events and the daytime was all about Defense in Depth. Topics included Viruses/Malicious code, Security Policy, Access Control, Incident Handling, Information Warfare, and Web App Security. As mentioned, the night event was Rob Lee’s talk, “The State of the Hack: The Chinese Threat.” This talk was straight scary. Rob went over three cases he had worked on with advanced persistent threats. These were highly capable attackers, well-funded, and persistent. Security measures for all these companies were in place: firewalls, IDS, proxies, host auditing, AV, etc. The main tool of choice for the attackers? Spear phishing, vulnerable webapps, SQL injection, and browser attacks. Once in, they dropped some lightweight but heavy payload malware, creating channels in plain sight but so entrenched in the network they could not be easily removed. An older version of the presentation can be viewed here: http://www.certconf.org/presentations/2008/files/C4.pdf
Wednesday – Day three was more depth in IS technologies, including attack strategies, Firewalls, honeypots, Vuln Scanning, IDS, IPS, and Risk Management. Another SANS@Night gem was Kevin Johnson’s Web app pen testing talk. He covered BeEF, Clickjacking, XSS, CSRF, et al. It was an excellent presentation. I wish he had posted it online, because honestly it was Alice’s long trip down the rabbit hole. I’d take the blue pill next time if I didn’t love this stuff.
Thursday - Day four was secure communications, two modules of crypto, stego, wireless sec, and OPSEC. Crypto and Linux sec are pretty much my weaknesses right now, so this day really identified the SANS ‘drinking from a fire hose’ motto for me. The best part of the day? Ed Skoudis’ Night presentation, “Secrets of America's Top Pen Testers”. I blogged about it the day I saw it. If you haven’t checked out the slides or seen his other series “Pentesting Perfect Storm”, I would highly recommend you check them out. Plus Core came in and opened up the bar! Pizza and beer for all.
Friday – Day five was all about Windows sec. More Windows Active Directory than I ever wanted to know about… well not quite, but close. No one ever told me most application whitelisting server software was just pretty front ends over AD! Should’ve guessed.
Saturday - Day six was Linux security. At this point my brain was about full. Like a sponge that had absorbed too much, I was struggling to retain it all. Somehow I made it through, with a somewhat more advanced understanding of the wide world of the penguin.
Overall, it was amazing. If you read this far, you get a little treat. If you’re in the infosec space, IT space, hell even management space, go be a SANS facilitator. Classes normally are $4000 big ones (plus $400 for the test and $400 for the online training); as a facilitator you pay $700. You get to meet most of the instructors; you get the online training, and a free GIAC test attempt. I networked with some great people, had some good times, and learned more than I expected.