Friday, February 8, 2008

SANS 504 - Follow Up


This is a follow-up post referring to the SANS 504 GCIH class I recently attended.


SANS 504 - If you are new to IS, specifically network security, then this class might be very good for you. Maybe I am biased because I am so immersed in this field currently that I hear the same "buzz" words over and over again (this class was simply more of that), but I will list what I did not like about the class:

1. The test LAN (network) was not set up until Friday evening, so there was no way to really try the techniques that were presented aside from using your own machine and its Linux virtual machine. A step-by-step tutorial should have been used to explain the process of host/network discovery, probing for a vulnerable system/device, and the corresponding techniques to fully compromise the box, going as far as executing a payload to DoS a system, enumerate a database, or something along those lines. It was far too general and attempted to cover too broad a range of topics without really getting specific on any of them. Even when I questioned the instructor about this by saying "...now what...?" there was no further action taken aside from him saying "...well you can do anything now..." and of course my reply was "...like what...?" The example here was using a Metasploit 3 technique, and I got inside and attached to a process using a known flaw in the Metasploit tool kit, but they never took it to the final level by illustrating how you compromise the system by being able to hop around in processes. It doesn't make any sense to go all that way to stop before the entire reason for using the tool kit is realized. Fragmented at best. Anyway, I asked this question because I knew his answer would be total crap like it was. If you have ever hacked anything before you must know that nothing is a success until you have gone all the way, as each step presents new challenges and there just is not a "cookie-cutter" sure way to exploit a system; things change. I wanted him to show me exactly how to compromise MY system (which is what I was working on), not simply say, "...oh ya it is totally compromised now..."

2. The version of Linux (Red Hat) provided was terrible. I have distros that are far more advanced and more comprehensive in their design. This was a regular Red Hat with some additional network apps installed, the Wi-Fi didn't work, and they even left the games on the OS, just lazy. It was no BT, that is for sure!

3. I was familiar with much of the course and therefore it presented a very limited amount of new information; in addition, many of the tools and topics were outdated by many years, and many of the best tools (even listed in the texts) were not on the CD. It should have dealt in far more detail with more updated exploits. If your organization has vulnerabilities from years ago on your networks (that have available patches), you have a much bigger problem than just the exploits; you need to go and review your patch management standards and procedures. I would also like to mention that the texts themselves were no more than bound PowerPoint presentations of highlights... no comprehensive study material, so basically they are useless for any type of self study.

4. This one is questionable; however, many of the people in my group were taking this class simply for the credits toward their CISSP requirements, and it was clear that they had no idea what these topics were about and didn't really care, as they were not taking the cert test anyway. I mention this because possibly these classes are more geared toward this type of student rather than one who is really looking for an extremely technical scenario. Or SANS is just in it for the $$ and couldn't care less about their content or who is taking the class, thereby diminishing the credibility of their certs. I know that now if I see a GCIH cert on someone's card or email, it holds much less value than before I took this class, as they may not know much about ethical hacking at all.

5. Overall, this was my first SANS training and I guess I expected a great deal more from the leading provider of information security training. I am not trying to "slam" SANS, but for the huge amount of money this costs and the length of the class (6 days), they really need to provide WAY more bang for the buck. They absolutely could have, in my opinion. I really expected them to know more than I did about these topics and sadly that was not the case, and I do mean that sincerely. Even further, the criterion for being an instructor of this or any SANS class is that you score above 90% on the corresponding cert test, which is open book. So it is possible that an instructor really doesn't have extensive experience in the field; they just did well on the test and wanted to teach the class. I am not a master hacker by any means, and I really thought this class would take me to the next level. It did not. I would say take this class for the cert (they are always valuable) and for a very generalized knowledge of network hacking exploits dating from about 10 years ago to near the present, however nowhere near cutting edge. I hope this helps you in your decision to attend this class.