.

Mandiant courses

<<

docrice

User avatar

Newbie
Newbie

Posts: 31

Joined: Sun Nov 20, 2011 3:19 am

Post Mon Mar 12, 2012 2:00 am

Mandiant courses

I'm entertaining the idea of taking a Mandiant course at Black Hat USA this year (specifically, Incident Response Black Hat Edition):

https://www.blackhat.com/html/bh-us-12/ ... md-ir.html

Have any of you taken this class or other Mandiant class?  I'm curious what the difference is between SANS 504 and this one above.  I'm assuming there's some overlap, but based on:

http://taosecurity.blogspot.com/2009/04 ... ponse.html

I'd assume the Mandiant class is focused on IR much more deeply.
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, WCNA, CCNA, CCNA Security, SFCP, SnortCP, and more useless acronyms.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Mar 12, 2012 7:49 am

Re: Mandiant courses

docrice wrote:I'd assume the Mandiant class is focused on IR much more deeply.


I'm unsure about the Mandiant specific course but common logic dictates that Vendor initiated courses will teach you vendor specific software. Bejtlich runs (or ran) his "TCP Weapons" class at Blackhat and he (in my opinion) is so so. He tends to blurt China on everything under the sun and this is likely because is fixated on an enemy from his years in the USAF. In fact, I believe 90% of what Richard talks about is China in correlation to "threats" but that's neither here nor there.

He wrote the book on Extrusion Detection which was an excellent book however, what he and Mandiant do in their course are up for grabs. My guess is they're nothing more than tailored Mandiant sales pitches with enough technical verbiage to keep students thinking its Incident Response. Had I to choose, I would opt for SANS' or CERT's training on this subject
<<

docrice

User avatar

Newbie
Newbie

Posts: 31

Joined: Sun Nov 20, 2011 3:19 am

Post Tue Mar 13, 2012 5:01 am

Re: Mandiant courses

I've taken SANS 504 as well as Richard's TCP/IP Weapons School 3.0.  I didn't get a whole lot of Mandiant name-dropping in his class or lots of references to China.  Either that or I wasn't paying attention.

But since the Mandiant IR class is indeed Mandiant-branded, I have to wonder as well about how much push there will be for their services or the MIR appliance.
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, WCNA, CCNA, CCNA Security, SFCP, SnortCP, and more useless acronyms.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Mar 13, 2012 7:42 am

Re: Mandiant courses

docrice wrote:I've taken SANS 504 as well as Richard's TCP/IP Weapons School 3.0.  I didn't get a whole lot of Mandiant name-dropping in his class or lots of references to China.  Either that or I wasn't paying attention.


He just started at Mandiant last year when did you attend Weapons ;)

docrice wrote:But since the Mandiant IR class is indeed Mandiant-branded, I have to wonder as well about how much push there will be for their services or the MIR appliance.


I have yet to attend a vendor specific class where their products weren't the "gist" of the training. Again, this is not to say the class won't be or isn't good, I just opt to choose for vendor neutral courses. Its one of the reasons I have stayed away from the EnCe, CCxx (Cisco), JNCxx (Juniper) classes.

I would think that CERT would have a broader reach because of their visibility and collaboration with gov, businesses and academia. They are also considered to be the fathers of IR. Joe McCray has some interesting classes but then we're getting into name recognition based on your signature: Do you drop "Mandiant Training" versus "Joe McCray" training. Personally, I'd opt for something outside the norm (CERT) however, some of the SANS guys if I'm not mistaken train via Mandiant as well.

Return to Incident Response

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software