GSE Study and Prep notes

Herein are a few notes on my journey towards GSE as traditionally made and posted before the exam. For more info on GSE see the official site: https://giac.org/gse

Preparatory Studies (~5 years)

  • self-study 401, 504, 503, 508 … took 511 live
    • taught 404, 504, 511
    • (renewed 401, 504, 503)
  • NetWars Core continuous, got to L3
  • almost finished Bandit (OTW) and did most of https://cmdchallenge.com
  • (re)Listened to (most of) Sec503 (Mike) and (much of) Sec504 (John)
  • 503 labs review, especially Days 3, 4, 5 (snort, bro, silk, nfa)
  • VulnHubs:
    • Sickos 1.2
    • SkyDogCon 2016
    • VulnOS 2
    • Metasploitable 2
    • mrRobot
  • PWK lab manual labs
  • #investigationtheory and #eisw online courses from @chrissanders88
  • SEC504 labs review, especially hotpics and xss/sqli
  • Windows triage/response webcast from BHIS
    • some practice with windows tools and clkf
    • repeated runs with sec504-lab.exe
  • Some Burp on WebGoat, Burp on MSF3, and Samurai practice
  • some exercises from Malware Traffic Analysis (MTAs)
  • some Honeynet challenges, particularly Banking Troubles

my kit:

This is what I’m taking in with me. It certainly includes some things that are unrelated to the exam but are part of my regular load-out. I will just feel better having them whether useful or not this weekend.

books and brochures

  • Blue Team Handbook (Don Murdoch) (the BThb):
    • https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/
  • RTFM & BTFM:
    • https://www.amazon.com/Rtfm-Red-Team-Field-Manual/
    • https://www.amazon.com/Blue-Team-Field-Manual-BTFM/
  • NFSG : http://thewayofthepacket.com/wp1/
  • SEC503 lab manual, tabbed a bit
  • SANS handouts for packet analysis, windows and linux response, windows command line
    • http://pen-testing.sans.org/resources/downloads
  • SANS DFIR posters (red, blue, green)
    • https://digital-forensics.sans.org/community/cheat-sheets

random printouts:

  • Don M’s GSE study guide 4.0, lightly tabbed and highlighted
  • Sample incident report from Lenny Zeltser (PDF):
    • https://zeltser.com/cyber-threat-intel-and-ir-report-template/
  • A full page ascii/hex/dec chart
    • [can’t find right now]
  • Snifer’s MsfVenom cheatsheet:
    • https://raw.githubusercontent.com/Snifer/security-cheatsheets/master/msfvenom
  • a demo LibreOffice report doc: headers, title, outline, toc, stamps
  • TCP/IP flags mnemonics from Daniel Miessler:
    • https://danielmiessler.com/study/tcpflags
  • r00tBSD’s REM wallpaper:
    • http://r00ted.com/cheat%20sheet%20reverse%20v6%20-%20inverted.png
  • Lena151’s Assembler: Basics of Reversing DOC:
    • (my mirror) http://dfirfiles.net/tuts/lena-videos/
  • a Markdown cheatsheet from somewhere
  • a Plaso filter reference slide, like p29 of this deck
    • https://digital-forensics.sans.org/summit-archives/DFIR_Summit/Plaso-Reinventing-the-Super-Timeline-Kristinn-Gudjonsson.pdf
Written on April 1, 2017