SANS Course??? - Hacker Techniques??

[jogle900]

Has anyone attend this class from SANS and/or the appropriate GIAC certification that goes with it?

http://www.sans.org/lonestar04/description.php?tid=16

I'm curious as to what to expect and I what studying I should undertake before attending. Also, what tools are used during the class. Any info is appreciated.

 

[Windexx]

I went to this course in DC ~4 months ago. This is a very good course. The course I attended was taught by Ed Skoudis who has authored a couple books. The first day primarily deals with how to handle incidents. After that, it gets very interesting. You are taught how your machines are compromised. I found the course very informative and fun. This course can keep you on your toes.

As far as training before the class I would make sure you know the basics of LINUX and Windows systems. The tools are numerous but expect the normal password cracking tools, nmap, p0f, etc. etc etc. A CD will be given with all the tools you need for both LINUX and Windows. Also, you will be using a virtual session (you will use both Windows/LINUX in class) but can use a trial license. Ed had an image already set up for us to use which saved a lot of time. Instructors may vary but they are all very talented from all the ones I have seen (I also took the Intrusion Detection a year ago).

You may want to get a heads-up and read Ed Skoudis's own book on malware (

http://www.counterhack.net

is his website). It's been on my "To Buy" list but I haven't bought it yet so I cannot give a personal review.

Regards

 

[JoeBloggssss]

I hate these crap courses.

More and more are popping up.. CEH, ISS Hacking etc

In the UK there is CESG CHECK, offical government courses, which require a high level of security clearance and are cover management and business skills also, which are a must for this type of work. Check for offical goverment courses, as chances are you would be working as a pen tester for a company bidding for public sector work.

 

[MichealC4]

SANS is a highly regarded institution, I seriously doubt that their courses are "crap." Now, I haven't been to any of their courses (I would love to though), but from what I have heard, it is well worth it. CEH is another interesting one, and I know someone who went and he said it was worth it.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt

 

[JoeBloggssss]

I have attended both a SAN's course and hold the CEH and ISS certification in ethical hacking, and I am telling you they are crap. If you can read about it in a book it is out of date... A pentester requires more than using free open source security tools, you need t understand business processes, how to draft security policy and work a high levels with management and legal departments. Questions:

1. Do you like the SANs recertification policy?
2. CEH covers in DETAIL netbios hacking, ISS? How many companies use netbios, why does it not focus more on Apache? ie this is how relevant the content is.
3. Check online for IT security jobs, how many CEH jobs and what is the salary like?

I am not trying to dicourage you, anything you try todo is a step forward, but you need to be relistic, the value of the CEH and SANs is little, they are there to make money.

If you want to work as a security consultant, with pentesting.

Cisco --> Check Point --> ISS --> CISSP

Most of our team has certs in these, then using tools like nessus etc perform security reviews, building to top of their existing experience. REALLY HOW GOOD IS IT KNOWING THE NAME OF A SCRIPTKIDDE TOOL THAT EXPLOITS SOME KNOWN AND PATCH HOLE, WHICH I WOULD NEVER HAVE IN AN ENVIRONMENT WITHOUT A SECURITY CODE REVIEW ANYWAY,

 

[Windexx]

One person's crap is another persons gold. I have taken two courses by SANS. The other course was Intrusion Detection. I'm sorry your experience with SANS wasn't pleasurable but mine was. I found the instructors competent (Skoudis, Mike Poor, and Marty Roesch <--(SNORT author). Everyone has different expectations and needs from a course and no course/instructor is perfect.

You can't tell me of any perfect organization that has a certification especially (ISC)2. Yes, I have the CISSP and consider it resume fodder as I do all certifications. I see SANS certification requirements along with CISSPs in my regional job ads btw. Heck, I even see that highly regarded MCSE <cough> It seems that SANS, Microsoft, (ISC)2, etc etc are about the marketing, money, and etc. It's business and that's how it goes :-(

Reading the syllabus is the best way to know what will be taught. You can then determine if it is below, above, or just about right to your skills. If you aren't sure...ask the organization and they (assuming reputable) will talk with you.

ChrisMcGill - The CAPS lock key is not your friend and lay off the caffeine ;-)

Have a great weekend!

 

[JoeBloggssss]

LoL

Sorry indifferent day at work. I impressived with your comments up until you mentioned MCSE, I will just leave it at that.

Guys don't get me wrong I would attend every SANS course if someone else was paying for them, or my org had a super training budget, but since this is the real world, you know you need to be pickey. I don't have the CISSP yet, but yes when I get it and need to fulfill the yearly education topup for it I would consider courses such as this then again. It was not that I was not impressed with SANs as I was, it was the fact that do you want to be a pentester forever or do you want to break into senior security management, my team leader earns £160000 pa, and has no real technical background, but he can fight in a business meeting with the best of them and draft kick ass security policies, and has pre and post sales management experience. I wonder what his boss is on??? Just making a point I lone for more courses that focus on business skills and not purely technology.

 

[Patrickp1973]

Chris your point is not relating to the course content
actually you are focusing more on the business background..
Sr Level Management is usually focused more on the business know how than the technical know how.. this is how they are usually recruited.. Looking at someone with a MBA or Msc over someone with say a CISSP or other industry cert.

The original question was relating more to the SANS track and content.