GSE Study and Prep notes
Herein are a few notes on my journey towards GSE as traditionally made and posted before the exam. For more info on GSE see the official site: https://giac.org/gse
Preparatory Studies (~5 years)
- self-study 401, 504, 503, 508 … took 511 live
- taught 404, 504, 511
- (renewed 401, 504, 503)
- NetWars Core continuous, got to L3
- almost finished Bandit (OTW) and did most of https://cmdchallenge.com
- (re)Listened to (most of) Sec503 (Mike) and (much of) Sec504 (John)
- 503 Labs review especially Days 3,4,5 (snort, bro, silk, nfa)
- VulnHubs:
  - Sickos 1.2
  - SkyDogCon 2016
  - VulnOS 2
  - Metasploitable 2
  - mrRobot
- PWK lab manual labs
- #investigationtheory and #eisw online courses from @chrissanders88
- SEC504 labs review, especially hotpics and xss/sqli
- Windows triage/response webcast from BHIS
- some practice with windows tools and clkf
- repeated runs with sec504-lab.exe
- Some Burp on WebGoat, Burp on MSF3, and Samurai practice
- some exercises from Malware Traffic Analysis (MTAs)
- some Honeynet challenges, particularly Banking Troubles
my kit:
This is what I’m taking in with me. It certainly includes some things that are unrelated to the exam but are part of my regular load-out. I will just feel better having them whether useful or not this weekend.
books and brochures:
- Blue Team Handbook (Don Murdoch) (the BThb):
  - https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/
- RTFM & BTFM:
  - https://www.amazon.com/Rtfm-Red-Team-Field-Manual/
  - https://www.amazon.com/Blue-Team-Field-Manual-BTFM/
- NFSG : http://thewayofthepacket.com/wp1/
- SEC503 lab manual, tabbed a bit
- SANS handouts for packet analysis, Windows and Linux response, Windows command line:
  - http://pen-testing.sans.org/resources/downloads
- SANS DFIR posters (red, blue, green):
  - https://digital-forensics.sans.org/community/cheat-sheets
random printouts:
- Don M's GSE study guide 4.0, lightly tabbed and highlighted
- Sample incident report from Lenny Zeltser (PDF):
  - https://zeltser.com/cyber-threat-intel-and-ir-report-template/
- A full-page ASCII/hex/dec chart:
  - [can't find right now]
- Snifer's MsfVenom cheatsheet:
  - https://raw.githubusercontent.com/Snifer/security-cheatsheets/master/msfvenom
- a demo LibreOffice report doc: headers, title, outline, TOC, stamps
- TCP/IP flags mnemonics from Daniel Miessler:
  - https://danielmiessler.com/study/tcpflags
- r00tBSD's REM wallpaper:
  - http://r00ted.com/cheat%20sheet%20reverse%20v6%20-%20inverted.png
- Lena151's Assembler: Basics of Reversing DOC:
  - (my mirror) http://dfirfiles.net/tuts/lena-videos/
- a Markdown cheatsheet from somewhere
- a Plaso filter reference slide, like p29 of this deck:
  - https://digital-forensics.sans.org/summit-archives/DFIR_Summit/Plaso-Reinventing-the-Super-Timeline-Kristinn-Gudjonsson.pdf
Written on April 1, 2017