Passing the GCTI Exam

Recently, I challenged the GIAC/SANS GCTI exam. And I am excited to say I passed and have obtained the GCTI certificate!!!

The concepts for this course were much newer to me. Threat modelling, researching, and building a threat intelligence tech stack was amazing to learn. Usually, a threat intel program is conducted with very established and mature security programs. So, this is an area I have not seen too many people often get into. However, Threat Intel programs are slowly becoming more common. and knowing your adversary, as well as keeping track of an adversary that could potentially be targeting you is an awesome skill set to accomplish.

FOR578: Cyber Threat Intelligence class

I had taken the full course on threat intelligence. If you want to read my review of it check this blog post out –> https://www.stealthbay.com/a-review-of-for578-cyber-threat-intelligence/

Prepping for the exam

I highly advise everyone take the FOR578: Cyber Threat Intelligence course. You can get more details from here: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/

The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class was a huge learning experience in the world of Threat Intelligence.

After you take the course try going back to each book and building your index. After this, it is a good time to use up practice exam 1 and see how you fair in it. Use the section at the end, which lists out which sections you were weak in and go study them some more. Take practice exam 2 and hopefully this time you see an improvement. If so, then book your final exam within the next 2-5 days and go for it. This format always has worked well for me.

Making an Index

Passing the GCFA exam

Recently, I challenged the GIAC/SANS GCFA exam. And I am excited to say I passed and have obtained the GCFA certificate!

This was one of the more detailed courses I had taken in awhile. The IR and Threat hunting sections were not as new to me. However, the memory and forensics section were very deep and detailed. Normally, most organizations will contract out major forensic type of work to 3^rd party external partners. So, the forensics section was something I do not work on as often. But I found learning and getting the knowledge of various ways malware can hide in memory, or how to detect Time stomping attacks from malware was extremely fun and exciting to learn. Feeling incredibly grateful to learn about all these new attack techniques and detection mechanisms.

Prepping for the exam

I highly advise everyone take the SANS FOR 508 course. You can read my review of it here -> https://www.stealthbay.com/review-of-sans-for-508/

The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class itself was amazing especially when you get into Memory Analysis, File system analysis and the Anti-forensics sections.

Autopsy– A Forensic Analysis Tool

Autopsy – Digital Forensics

For anyone looking to conduct some in depth forensics on any type of disk image. Autopsy is a great free tool that you can make use of for deep forensic analysis.

It has been a few years since I last used Autopsy. I recall back on one of the SANS tools (SANS SIFT). Back then I felt it was a great tool, but did lack speed in terms of searching through data. It appears with the most recent version of Autopsy that issue has been drastically improved. On top of that, machines have also become much faster using SSD’s and tons of more CPU and RAM power.