This week, I am studying for the GIAC Certified Penetration Tester exam.
I took SANS 560 @home. Typically, SANS classes taken at a conference take place during the course of a week. The @home version is done over a series of live, interactive webcasts that take place twice a week for several weeks, generally covering a book per week.
- Book 1 – Planning, Scoping, and Recon
- Book 2 – Scanning
- Book 3 – Exploitation
- Book 4 – Password Attacks
- Book 5 – Wireless and Web Apps
Each class is recorded, so you can replay them as much as you like. The @home class is taught by SANS instructors; in my case, Ed Skoudis and John Strand. While Ed designed the course; both were insightful and entertaining instructors who obviously put time and thought behind what they teach.
The class covers a lot of information, and could easily be spread out over twice as much time. You lean how to plan a penetration test, the general flow, and get hands on with the tools. During the class, you have the opportunity to log in to a practice lab via VPN and use most of the many tools covered in the class. The last week of the class you are put in to teams and given a penetration testing scenario. The way it goes down, each team is competing in a capture the flag format. My illustrious group of newly formed 1337 hackers came in second place. This activity was by far the most fun I have ever had in any class.
I hold a couple other certifications, including the CISSP. SANS 560 is the most in depth technical course I have encountered since college.
For a review of the class, check out ethicalhacker.net: http://www.ethicalhacker.net/forum/index.php?action=printpage;topic=2306.0
I scheduled the certification exam for this week, and now it is time to study. Having a major role in leading my capture the flag team to victory, I feel comfortable with a lot of the tools. However, the exam is not hands on at all. The exam is a four hour open book test. SANS provides you with two practice exams. I am going through the books one at time and re-reading all of the slides. I bought Post-It tabs, and am marking each major concept with a tab on the page making the pertinent information easy to find. I am taking the practice exams in parallel – this way, I have an idea of what topics the real exam is going to cover and can use that knowledge to better mark the appropriate topics.
In my opinion, if you happen to finish the capture the flag scenario, they should give you an honorary certification.
For more information, check out the SANS description: http://www.sans.org/training/description.php?mid=937