
Passing the GCFA exam

Recently, I challenged the GIAC/SANS GCFA exam. And I am excited to say I passed and have obtained the GCFA certificate!

This was one of the more detailed courses I had taken in a while. The IR and Threat hunting sections were not as new to me. However, the memory and forensics sections were very deep and detailed. Normally, most organizations will contract out major forensic type of work to 3rd party external partners. So, the forensics section was something I do not work on as often. But I found learning and getting the knowledge of various ways malware can hide in memory, or how to detect timestomping attacks from malware was extremely fun and exciting to learn. Feeling incredibly grateful to learn about all these new attack techniques and detection mechanisms.

Prepping for the exam

I highly advise everyone take the SANS FOR 508 course. You can read my review of it here -> https://www.stealthbay.com/review-of-sans-for-508/

The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class itself was amazing especially when you get into Memory Analysis, File system analysis and the Anti-forensics sections.


Review of SANS FOR 508 & Winning the CTF Coin

So, just before the end of a remarkably interesting and odd 2020 year, I decided to go ahead and take the FOR 508 class on Advanced Incident Response, Threat Hunting, and Digital Forensics. I felt this was a course that could really benefit security practitioners for understanding best practices & methods related to IR, as well as learning new techniques for threat hunting in a large enterprise environment. I decided to put up a post listing out what you can plan to learn from this course should you decide to take it.

Winning the Coin

One of the coolest parts of the class is Day 6 (more details listed later). You get a chance to join into teams and compete in a class APT Threat group challenge. The team that wins the CTF gets an award in the sign of a special course specific SANS Coin. On top of that, SANS will add your name to the Community DFIR Coin holders list! It is a great achievement, and I have to say the challenge was very realistic and fun to tackle.


Passing the GCIH Exam

I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.

New SANS GIAC changes to exams

One thing that was particularly new for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS with GIAC now has added a section that tests your knowledge through a virtual lab. Now, I have to say I think it’s actually pretty awesome! It puts your real-world skills to the test to see if you can actually apply needed practical skills. It also gives companies assurance that their employees are also getting and being tested on real hands-on work and not just theory-based topics.


Review of SEC545 Cloud Security Architecture and Operations

SEC545: Cloud Security Architecture and Operations

Just recently I went to attend a local SANS Community class in my city. For those that are not aware, SANS Community classes are usually smaller classes with 5-10+ students. It’s a small venue with more of a small class size, but the material would be the same that SANS would teach on vLive, OnDemand, or at a SANS conference.

I can say that the SEC545: Cloud Security Architecture and Operations class is VERY popular. There were many students there that were not hardcore SANS enthusiasts such as myself. Many people were there on the basis that companies are all now starting to move to the cloud. And, many companies are worried about the security implications of moving, and with larger concerns on if the architecture is not set up and configured correctly.

The class was very much AWS focused, which was great for me in terms of learning AWS. However,

SEC 542 SANS Course Review


So I wanted to post a blog post on my experience related to the SEC 542 course. This way I can share my experience out there with others, and hopefully give others insight to see if the course is a right fit for them too.

Now because I took the vLive course, my course was not a 4-6 day course. This course was actually completed over 6+ weeks with 2 class sessions per week. This was an excellent course, very well designed and presented out to students. There were things I already knew and had experienced. But, there were a lot of tools that were introduced in the course, which I had not used or heard of before. And, these tools definitely help save some time especially when it comes down to recon.

I’ll briefly list some of the things you learn during each week, but for the full list you’ll have to take the course for yourself. Trust me, it’s an awesome course!
