search
top

Passing the GCFA exam

Recently, I challenged the GIAC/SANS GCFA exam. And I am excited to say I passed and have obtained the GCFA certificate!

This was one of the more detailed courses I had taken in awhile. The IR and Threat hunting sections were not as new to me. However, the memory and forensics section were very deep and detailed. Normally, most organizations will contract out major forensic type of work to 3rd party external partners. So, the forensics section was something I do not work on as often. But I found learning and getting the knowledge of various ways malware can hide in memory, or how to detect Time stomping attacks from malware was extremely fun and exciting to learn. Feeling incredibly grateful to learn about all these new attack techniques and detection mechanisms.

Prepping for the exam

I highly advise everyone take the SANS FOR 508 course. You can read my review of it here -> https://www.stealthbay.com/review-of-sans-for-508/

The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class itself was amazing especially when you get into Memory Analysis, File system analysis and the Anti-forensics sections.

Read more of this post

Passing The Microsoft AZ-900 Exam

Getting Microsoft Certified for Azure Fundamentals


I decided to challenge the AZ-900 Exam, as I got a Microsoft voucher for a free exam attempt. So, I decided to give the exam a crack. Basing it off other peer’s experience, who had already taken this exam. The consensus I had heard is that it should be a simple exam if you have used Azure before and worked on different services (e.g., IaaS, PaaS, SaaS.) I probably spent about less than 8 hours prepping, as I felt the topics seemed general and things I have already been exposed too.

Prepping to take the exam

My personal experience with Azure is that I have worked with it for 3+ years. If you have spent a lot of time in the Azure environment building things, configuring things and managing different items. You will have no problem challenging this exam. Most of the concepts are related to everyday tasks that you would be working on. Or tasks you would have been exposed to at some point while engineering designs in Azure.

Here is a score list of what you need to know –> https://docs.microsoft.com/en-us/learn/certifications/exams/az-900

  • Cloud concepts (20-25%)
  • Core Azure services (15-20%)
  • Core solutions and management tools on Azure (10-15%)
  • General security and network security features (10-15%)
  • Identity, governance, privacy, and compliance features (20-25%)
  • Azure cost management and Service Level Agreements (10-15%)
Read More Of This Post

CISA Exam Study Guide from Packt


CISA Study Guide from Packt

I like to review over CISA study materials and keep up with content every year. ISACA usually has small new updates every year to the auditing domains. It is always nice to see all the new changes and advancements that are being made in the auditing world. This year, I decided to check out a book and wanted to post a quick review of it for others so they may get some good use out of it too.


What is this book about

The book is was just recently published by Packt and is called “CISA – Certified Information Systems Auditor Study Guide” authored by Hemang Doshi. You can grab a copy of it here –> https://amzn.to/358rb3h

Read more Of This Post

Passing the GCIH Exam

I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.

New SANS GIAC changes to exams

One thing that was particularly new for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS with GIAC now has added a section that tests your knowledge through a virtual lab. Now, I have to say I think it’s actually pretty awesome! It puts your real world skills to the test to see if you can actually can apply needed practical skills. It also gives companies assurance that their employees are also getting and being tested on real hands on work and not just theory based topics.

Read more Of This Post

Passing The GWAPT Exam

Passing The GWAPT Exam

So, I finally went for it and attempted the GIAC GWAPT exam and passed it! I’ve been conducting some pen tests prior to taking the SANS SEC 542 course and the GWAPT exam. The course taught me many new things, and gave me a new perspective, and insight when it comes to web application pen testing. This blog post is to share my experience on how to best prepare for taking the GWAPT exam.

Should I take this exam or challenge the GWAPT ?

Many people will ask themselves this very same question. The best answer really depends on what your career goals are for your future. If you plan on being a pen tester, then this is a must at least if you are new or an intermediate to web pen testing. These days the Internet is filled with web applications, and now with more data and applications placed in the cloud. WebApp pen testing is a skill in demand and will be needed to test anything open to the public via the cloud.

Studying

Read The Full Post

« Previous Entries

top