|
Passed GMON: https://www.sans.org/course/continuous-monitoring-security-operations There are only 335 people with it, because nobody knows or cares about that cert I imagine. Work pays for it so sure. That makes GCIH, GSEC, and GMON so far. I take the course for GCFE next week at SANS Fire in DC. Anybody else going?
|
#
?
Jun 6, 2016 19:01
|
|
|
|
| # ? Apr 29, 2024 14:13 |
|
|
internet jerk posted:Passed GMON: https://www.sans.org/course/continuous-monitoring-security-operations Did you take 511 in-person? If so, any thoughts on the defend the flag CTF?
|
|
#
?
Jun 6, 2016 19:20
|
|
|
Doug posted:Did you take 511 in-person? If so, any thoughts on the defend the flag CTF? I did, this was back in...March 2015? There was no cert at the time. Eric Conrad was the instructor. Honestly I don't recall much but I do remember not finding it that interesting to be honest.
|
|
#
?
Jun 6, 2016 19:56
|
|
|
internet jerk posted:I did, this was back in...March 2015? There was no cert at the time. Eric Conrad was the instructor. Honestly I don't recall much but I do remember not finding it that interesting to be honest. Ah, yeah I think the CTF is fairly new. I was never much interested in the course/cert but that part at least seemed vaguely interesting. Enjoy SANSFire though. Unfortunately my work is too cheap to shell out for SANS and my boss has some kind of beef with them and claims the classes/certs are useless. 
|
|
#
?
Jun 6, 2016 20:46
|
|
|
Sticking my nose in the CEH book because Governments love to see those letters. This poo poo is mad boring guys.
|
|
#
?
Jun 6, 2016 21:54
|
|
|
The official cisco press CCIE R&S books make me want to claw my eyes out.
|
|
#
?
Jun 8, 2016 01:37
|
|
|
ChubbyThePhat posted:Sticking my nose in the CEH book because Governments love to see those letters. This poo poo is mad boring guys. Mad boring as in Security+ level boring, or boring if you know specifics about Kali Linux/basic pentesting? I always thought CEH would be cool to have as an addition to my sysadmin portfolio but never really delved hard into hacking or any kind of penetration testing. Closest I got was trying to spoof credit card #s on BBSes back in the day with my parents getting a nasty phone call or two from sysops.
|
|
#
?
Jun 8, 2016 20:15
|
|
|
MJP posted:Mad boring as in Security+ level boring Oh good, I'm glad I'm not the only one that finds this really dull. I'm scheduled to take it on Friday, and some of this material is making my eyes glaze over.
|
|
#
?
Jun 8, 2016 20:38
|
|
|
you ate my cat posted:Oh good, I'm glad I'm not the only one that finds this really dull. I'm scheduled to take it on Friday, and some of this material is making my eyes glaze over. I really like security but the sec+ every time I am like "hey I need to finish this material and take the cert" I get miserable and irritated. Honestly I'd love to just skip it and go for the next security cert because it's interesting at least.
|
|
#
?
Jun 8, 2016 20:40
|
|
|
Honestly if you've worked in IT for a couple of years and have a passing interest in security concepts, it'll probably take you 2-3 weeks maximum to "learn" the "material" of Sec+. It's basically all acronyms, common sense, or stuff you'll have naturally learned already. I should probably stop making GBS threads all over the cert though since I have it. 
|
|
#
?
Jun 8, 2016 20:50
|
|
|
Japanese Dating Sim posted:Honestly if you've worked in IT for a couple of years and have a passing interest in security concepts, it'll probably take you 2-3 weeks maximum to "learn" the "material" of Sec+. It's basically all acronyms, common sense, or stuff you'll have naturally learned already. It's real easy
|
|
#
?
Jun 8, 2016 21:05
|
|
|
That's it exactly. I don't feel like I'm learning much, just memorizing a mountain of acronyms and terms to pass a test. All the stuff I could be learning, I pretty much already know.
|
|
#
?
Jun 8, 2016 22:32
|
|
|
you ate my cat posted:That's it exactly. I don't feel like I'm learning much, just memorizing a mountain of acronyms and terms to pass a test. All the stuff I could be learning, I pretty much already know. Nah, it's really not that bad. Memorize the port chart. Skim the section on smishing vishing pharming and phishing. Just make sure you have all the warchalk symbols memorizes! No, don't actually memorize warchalking symbols, they don't test on them. Learn hobo signs instead, it's more practical.
|
|
#
?
Jun 8, 2016 23:08
|
|
|
ahahaha warchalking, I forgot all about that. The extent of my "studying" for Sec+ was reading the book cover to cover in 3 days without any note taking, and the only thing I actually studied to commit to memory were the common port numbers. I had no business passing that exam. I don't even work in IT so I had very few personal experiences to draw from. I'm not trying to gloat or anything, I'm trying to show just how easy that test is. I'll go as far to say that it was easier than the A+. The most complicated question on the exam was "configuring" a standard ACL on a "firewall". Basically all you had to was click on permit/deny from a drop down, and type your source IP/port into two clearly labled fields. In all cases except one they even gave me the port numbers. That one case was TFTP, and if you're a child like me you'll never forget port 69.
|
|
#
?
Jun 8, 2016 23:22
|
|
|
MJP posted:Mad boring as in Security+ level boring, or boring if you know specifics about Kali Linux/basic pentesting? Somewhere in between. It covers a really broad range of things but in less depth than any certs in more specific areas would afford you. I'm only getting it because government contracts seem to require it for some crazy reason. That isn't to say it doesn't include an introduction to the entire process of pentesting, because it does, but it certainly isn't PWK/OSCP by any means. Note I'm not really upset I have to take it as my company is paying for it and I see the value in getting the contracts that require it.
|
|
#
?
Jun 8, 2016 23:22
|
|
|
Renegret posted:I'll go as far to say that it was easier than the A+. Easier than A+ part 1, yeah I'll agree. If A+ part 2 wasn't the easiest loving test you've taken in your professional career I want to know how it's possible to make a test less stressful. It feels like a money grab from comptia to split the material, and by split I mean make up useless bullshit for part 2. But yeah S+ was weird. I stressed about learning the material. I stressed while i took the test because I had no idea how well I was doing: were the answers obvious or was I missing all the trick questions? Then I saw my score and laughed my way out of the building for letting it stress me out.
|
|
#
?
Jun 8, 2016 23:59
|
|
|
I actually had a far worse score for A+ part 2 than I did 1.  Dunno what went wrong. Net+ I had a pretty decent score IIRC and Sec+ was alright just because I focused on one thing far more than the others and ended up getting more questions for the parts I neglected. Funny how that works.  Now I'm studying for CCENT and looking to take it in 2 weeks. Boy I feel I'll get a lot of questions for ACLs and NAT, my two weakest subjects.
|
|
#
?
Jun 9, 2016 01:13
|
|
|
Japanese Dating Sim posted:Honestly if you've worked in IT for a couple of years and have a passing interest in security concepts, it'll probably take you 2-3 weeks maximum to "learn" the "material" of Sec+. It's basically all acronyms, common sense, or stuff you'll have naturally learned already. I always say it's the easiest cert you can ever get.
|
|
#
?
Jun 9, 2016 01:23
|
|
|
System Administrator at my internship is currently going to a technical school for her MCSA cert I oh god how do I break it to her? 
|
|
#
?
Jun 15, 2016 01:07
|
|
|
Depends very much what you mean by 'technical school'. For-profits like ITT Tech and University of Phoenix are mostly gigantic wastes of money but reasonably accredited community colleges (which could also often be called technical schools since they tend to provide degree programs in employment-related skills rather than liberal arts) can be a fantastic deal. Edit: the confusion isn't helped by the whole technical vs vocational and regional vs national accredication malarky either. Sheep fucked around with this message at 03:13 on Jun 15, 2016 |
|
#
?
Jun 15, 2016 03:03
|
|
|
It's been awhile since I took it, do you have to subnet poo poo by hand on the ICND2? I know the ICND1 had plenty of it.
|
|
#
?
Jun 15, 2016 17:43
|
|
|
rafikki posted:It's been awhile since I took it, do you have to subnet poo poo by hand on the ICND2? I know the ICND1 had plenty of it. I think most of the subnetting here was for route summarizations. I could be wrong on that though.
|
|
#
?
Jun 15, 2016 17:46
|
|
|
rafikki posted:It's been awhile since I took it, do you have to subnet poo poo by hand on the ICND2? I know the ICND1 had plenty of it. Not really. There might be a few things like "Why can't these two computers talk?" and one of the answers could involve verifying the routing table, which would in turn require some subnetting, etc. But it's nowhere near like ICND1.
|
|
#
?
Jun 15, 2016 18:33
|
|
|
Subnetting was the easiest sauce on the test for me.
|
|
#
?
Jun 15, 2016 18:44
|
|
|
Yeah, I deal with subnets all day every day, but I don't do them by hand. If I'm not sure if they will overlap, I just punch them into a calculator. I learned how to do them by had for the ICND1 but it's been a year and a half since I did that.
|
|
#
?
Jun 15, 2016 21:03
|
|
|
I'm taking ICND1 next week. Some of my coworkers are recommending writing out all the subnets before I start, but man, I just find subnetting so easy I feel like I'd save time just doing them by hand as the questions come up. Haven't really made my mind up yet on how I'm going to do it. I'll probably write them out anyway just as insurance against stupid mistakes from test jitters.
|
|
#
?
Jun 15, 2016 21:18
|
|
|
Sheep posted:Depends very much what you mean by 'technical school'. For-profits like ITT Tech and University of Phoenix are mostly gigantic wastes of money but reasonably accredited community colleges (which could also often be called technical schools since they tend to provide degree programs in employment-related skills rather than liberal arts) can be a fantastic deal. I was mostly referring to the horror stories about the Microsoft certs I've heard on this thread
|
|
#
?
Jun 15, 2016 21:38
|
|
|
Welp, by some miracle I actually passed the OSCP. Ended up with 85pts including my lab report. Happy to answer questions if anyone has any.
|
|
#
?
Jun 16, 2016 06:43
|
|
|
From what I can gather about this, MS is giving free vouchers to the 70-743 to upgrade an MCSA 2012 to 2016... except the 743 doesn't seem to be available yet? https://borntolearn.mslearn.net/b/weblog/posts/how-to-upgrade-to-mcsa-windows-server-or-sql-server-2016-for-free Maybe it's just "here's a voucher for the exam when it's available" but it doesn't quite make that clear.
|
|
#
?
Jun 16, 2016 14:46
|
|
|
Renegret posted:I'm taking ICND1 next week. Some of my coworkers are recommending writing out all the subnets before I start, but man, I just find subnetting so easy I feel like I'd save time just doing them by hand as the questions come up. I would strongly recommend writing out a CIDR-to-netmask/usable/increment table during the end of your "tutorial" time. I also found subnetting very easy, trivial math. I even kind of enjoy working it out tbh, kinda like the satisfaction you get from a Sudoku. However, on my version of the test I got what must have been the absolute maximum of subnetting Qs. I think my test had 47 Qs and I could swear that 25+ required some subnetting be done. Sure, i probably could have finished by doing the work as the problems appeared but it took a lot of pressure off to have the table done. Just be certain you don't make any mistakes building the table...
|
|
#
?
Jun 16, 2016 15:43
|
|
|
Doug posted:Welp, by some miracle I actually passed the OSCP. Ended up with 85pts including my lab report. Happy to answer questions if anyone has any. How much do the PWK labs prepare you for it?
|
|
#
?
Jun 16, 2016 16:11
|
|
|
MJP posted:From what I can gather about this, MS is giving free vouchers to the 70-743 to upgrade an MCSA 2012 to 2016... except the 743 doesn't seem to be available yet? 14 days to complete two more exams? Faaaaaaaaaaaaaaaart.
|
|
#
?
Jun 16, 2016 16:20
|
|
|
psydude posted:How much do the PWK labs prepare you for it? The labs are great preparation for the exam. I'd say the labs run a difficulty from 1-10 and the exam is maybe 6-6.5 on that scale. For reference I got root on maybe 14 or so servers in the lab(less than half) and still passed the exam. However, the labs should not be taken lightly. There is very little instruction really given. There are some basic concepts in the course material, but expect to spend a lot of time doing independent research while in the labs. If I can over-emphasize one point it would be to learn privilege escalation and techniques for finding privesc vulnerabilities. This is often not something you'll find by googling "x software version x.x" as it's really more of a holistic view of the system and exploiting misconfigurations or overly generous permissions.
|
|
#
?
Jun 16, 2016 20:16
|
|
|
SaltLick posted:14 days to complete two more exams? Faaaaaaaaaaaaaaaart. Yeah, seriously, the amount of unrealistic expectation in the promo is crazy if you're only one exam in, or haven't started studying for the upgrade exam.
|
|
#
?
Jun 16, 2016 20:21
|
|
|
Doug posted:The labs are great preparation for the exam. I'd say the labs run a difficulty from 1-10 and the exam is maybe 6-6.5 on that scale. For reference I got root on maybe 14 or so servers in the lab(less than half) and still passed the exam. However, the labs should not be taken lightly. There is very little instruction really given. There are some basic concepts in the course material, but expect to spend a lot of time doing independent research while in the labs. If I can over-emphasize one point it would be to learn privilege escalation and techniques for finding privesc vulnerabilities. This is often not something you'll find by googling "x software version x.x" as it's really more of a holistic view of the system and exploiting misconfigurations or overly generous permissions. Much appreciated. How tiring was the 24hr lab time to comb through?
|
|
#
?
Jun 16, 2016 21:39
|
|
|
ChubbyThePhat posted:Much appreciated. How tiring was the 24hr lab time to comb through? The 24hr lab time was exhausting. I started at 1pm Sunday afternoon, took a break around 8 to go home for a bit of family time, came back at ~9:30, went back home at 12:30, slept for a bit and then came back at 6am and I was pretty much done by 11-12. The most important thing is really just taking care of yourself. I had a couple of big breakthroughs after each of my breaks. The more breaks the better...force yourself to get up, walk around, don't eat in front of the computer, etc. I probably pushed myself a little too far in that regard because I ate very little in that 24hour span and definitely didn't get enough sleep.
|
|
#
?
Jun 16, 2016 22:16
|
|
|
Anyone know if the CCNA Collaboration (CICD & CIVND) tests you on using CCP at all? I really hope that's finally gone away.
|
|
#
?
Jun 17, 2016 14:56
|
|
|
It shouldn't.
|
|
#
?
Jun 17, 2016 17:10
|
|
|
Just found out about the new CCNA, Cyber Ops Looks like it could be interesting. Plus there's a whole scholarship that they're handing out for it.
|
|
#
?
Jun 19, 2016 22:38
|
|
|
|
| # ? Apr 29, 2024 14:13 |
|
|
Interesting. I wonder how a brand new cert that relatively few people will have heard of, even though it's Cisco, will look on a resume.
|
|
#
?
Jun 20, 2016 01:59
|
|