Tag: certification

  • A New Path to the GSE

    GIAC recently (in the last ~3 years) introduced “Applied Knowledge Certifications,” a new, hands-on tier of exams to show advanced proficiency as an information security professional. These four-hour exams consist of 25 practical CyberLive (virtual lab) questions.

    This new tier also creates an updated path for GIAC’s expert-level designations:

    • GIAC Security Professional (GSP): 6 Practitioner certs + 2 Applied Knowledge certs.
    • GIAC Security Expert (GSE): 6 Practitioner certs + 4 Applied Knowledge certs.

    If you’ve been in InfoSec for a while, that new GSE path probably caught your attention. The original GSE process was a notoriously cumbersome ordeal, requiring multiple prerequisite certs, research papers (“Gold Papers”), an entrance exam, and a grueling 15-hour, four-part lab.

    My Game Plan: Targeting GX-CS and GX-IH

    I’m planning to pursue this new path for three reasons: I like challenging myself, these exams consist solely of “hands on keyboard” tasks, and I already have all the practitioner certs needed.

    I currently hold the GSEC, GCED, GCIH, GCIA, GDSA, GSTRT, and GPEN. I’ll be taking the GREM course in December, and I plan to pursue the GSLC, GXPN, and GRTP afterwards to close out my Master’s in Information Security Engineering with SANS.

    Each Applied Knowledge exam has a list of “Primary Fit” courses that align with its content. I chose to start by targeting the exams that best match my current experience:

    1. GIAC Experienced Cybersecurity Specialist (GX-CS)
      • Primary Fit: SEC401 (GSEC)
    2. GIAC Experienced Incident Handler (GX-IH)
      • Primary Fit: SEC504 (GCIH)

    My reasoning is that I’ve already taken more advanced courses in these domains (like GCED, GDSA, and GPEN), so I should be well-prepared for these exams.

    The last two, which I’ll most likely focus on in 2027 for my GSE, will be the GIAC Experienced Intrusion Analyst (GX-IA) and GIAC Experienced Penetration Tester (GX-PN), so stay tuned for the game planning/prepping for those in the future.

    Because these exams are 100% hands-on, success depends less on memorizing definitions and more on practical, tool-centric skills. For the two exams I plan to take, this means being well-versed in the following:

    GX-CS: GIAC Experienced Cybersecurity Specialist

    • Advanced Network Analysis
      • tcpdump, Wireshark/TShark
    • Evaluating Linux Systems
      • Bash
      • File System Interaction
      • User and Group Administration
    • Evaluating Windows Systems
      • Process Hacker 2
      • PowerShell
      • Windows Command Prompt
      • Event Logs
    • File Analysis
      • Strings, Metadata, Binary Content, Find & Locate
    • Malicious Programs Execution & Exploitation
      • Strings, Metasploit, Meterpreter, MSFVenom
      • CrackMapExec
    • Network Security
      • Snort, Suricata, Zeek, Elasticsearch
    • Password Cracking
      • Hashcat
      • Hydra
      • John the Ripper
      • pw-inspector

    GX-IH: GIAC Experienced Incident Handler

    • Command-Line Security and Analysis
      • Command History (PSReadLine and .bash_history)
      • Netcat
      • Windows Alternate Data Streams
    • In-Depth Attack Analysis
      • The candidate will perform a multi-part attack or task, centering on both Windows and Linux/Unix-based skills.
    • Incident Investigation
      • Linux Audit Logs
      • Windows Event Logs
      • Volatility
      • Process Monitor
      • Elasticsearch or Splunk
    • Infrastructure Analysis
      • Cloud Scanning
      • Vulnerability Assessment (Nessus, OpenVAS, Seatbelt)
      • DNS Enumeration (nslookup, dig)
    • Password Attacks and Analysis
      • Password Guessing (Hydra, Hashcat)
      • Reviewing Logs for Password Attacks
    • Pivoting
      • Meterpreter
      • Chisel
      • Ligolo-ng
      • Sliver
    • Protocol Security and Attacks
      • SMB, FTP/SFTP, SCP
      • Identify vulns, false positives, and mitigations
    • Reconnaissance
      • Nmap
    • Website Security
      • SQL Injection, Command Injection
      • XSS, CSRF
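    The GX-IH list above pairs “Reviewing Logs for Password Attacks” with Linux audit logs. As an added example (my own illustration, not code from this post, from GIAC, or from any SANS course), here is a small Python triage script that runs over a handful of constructed sshd auth-log lines, groups results by source IP, flags a source whose failed-login burst reaches a threshold inside a time window, and notes whether a successful login from that source followed the burst. The sample lines, the 5-failures-in-300-seconds threshold, and the assumed log year are all made up for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd auth-log lines (syslog style) for the demo; not taken from any real host.
SAMPLE_AUTH_LOG = """\
Dec  3 10:01:02 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Dec  3 10:01:04 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51124 ssh2
Dec  3 10:01:05 host1 sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51126 ssh2
Dec  3 10:01:07 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 51128 ssh2
Dec  3 10:01:09 host1 sshd[2209]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Dec  3 10:01:11 host1 sshd[2211]: Accepted password for backup from 203.0.113.7 port 51132 ssh2
Dec  3 10:15:00 host1 sshd[2301]: Failed password for alice from 192.0.2.20 port 40001 ssh2
Dec  3 10:15:30 host1 sshd[2303]: Accepted publickey for alice from 192.0.2.20 port 40002 ssh2
Dec  3 11:00:00 host1 sshd[2400]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

# Matches the common sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" shape.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_line(line, year=2025):
    """Return a dict for an sshd auth-result line, or None for lines we don't triage.
    Syslog timestamps carry no year, so one is assumed (default 2025)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def peak_failures_in_window(failures, window_seconds):
    """Largest number of failures from one source inside any window_seconds span.
    `failures` must already be sorted by timestamp."""
    peak, start = 0, 0
    for i, ev in enumerate(failures):
        while (ev["ts"] - failures[start]["ts"]).total_seconds() > window_seconds:
            start += 1
        peak = max(peak, i - start + 1)
    return peak


def find_password_attacks(lines, threshold=5, window_seconds=300):
    """Group sshd results by source IP and report sources whose failure burst
    reaches `threshold` within `window_seconds`. For each flagged source, also
    list any Accepted logins that came after the burst began, which is the case
    an incident handler cares about most: guessing that eventually worked."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_auth_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        failures = [e for e in events if e["result"] == "Failed"]
        if not failures:
            continue
        peak = peak_failures_in_window(failures, window_seconds)
        if peak < threshold:
            continue
        burst_start = failures[0]["ts"]
        successes = [(e["user"], e["method"]) for e in events
                     if e["result"] == "Accepted" and e["ts"] >= burst_start]
        findings[ip] = {
            "failures": len(failures),
            "peak_in_window": peak,
            "distinct_users": sorted({e["user"] for e in failures}),
            "success_after": successes,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in find_password_attacks(SAMPLE_AUTH_LOG.splitlines()).items():
        print(ip, finding)
```

With the sample lines, only 203.0.113.7 is reported: five failures against four different usernames in seven seconds, followed by an accepted password login for “backup,” which is exactly the pattern that should turn a noisy brute-force alert into an investigation. The single failure from 192.0.2.20 followed by a key-based login stays below the threshold, and the pam_unix session line is ignored by the parser rather than mis-parsed.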

    This isn’t my final list since I’m sure there’s more I’ve missed, but it’s what I’ll be starting with while preparing throughout this month. Wish me luck and I’ll get back to you with the results in late December!

  • Back After A Year

    The Roadmap for the Future of This Blog

    Things have been moving pretty quickly in my career and life since the last blog post this time one year ago. First off, I got accepted to the SANS Technology Institute’s Master of Science in Information Security Engineering (MSISE) program with a (currently intended) specialization in Penetration Testing.

    After my employer paid for me to take the course and exam for the GIAC Certified Enterprise Defender (GCED) and GIAC Certified Intrusion Analyst (GCIA) in 2023, and I managed to pass both pretty comfortably, I decided to move forward with pursuing a Master’s degree at the accredited university side of SANS. They allow you to make monthly payments and provide a 50% discount on course costs if you get accepted, which I managed to do earlier this year. My employer’s surprisingly willing to cover SANS courses, and I was paying a similar amount to the Master’s program cost monthly in student loan payments (which are now paused due to going back to school), so it was kind of a no-brainer.

    GCED Course Books

    This course was like a more involved (and practical) version of the CISSP in my opinion.

    GCIA Course Books

    LOTS of detail about in-depth packet capture and analysis, hence the additional books over the GCED.

    Second, I had the incredible fortune of being able to attend “Hacker Summer Camp (HSC),” which consists of BSides Las Vegas (and The Diana Initiative, which I wasn’t able to make), Black Hat USA, and DEF CON 32. Even with the absurd Las Vegas heat (113 degrees Fahrenheit at its peak!) I had a phenomenal time, favoring BSides and DEF CON over Black Hat with its flood of corporate and vendor pitches and follow-up correspondence (my work e-mail inbox was flooded for weeks). I was also blessed with the opportunity to attend ShmooCon and BSides NOVA this year. I’ll make a post about all those experiences soon.

    And lastly, I was promoted into a more technical Blue Team role working with SIEM tools for an enterprise cloud network. This was huge for me since I’ve been aiming for a “hands on keyboard” role (hence the name of this blog) ever since getting my CISSP and CCSP and being disappointed with the world of Cybersecurity Policy and Compliance. Work like this and my intended Master’s specialization are more difficult but will pay dividends in terms of my future career opportunities and understanding of the field as a whole. It’s intimidating looking at the increasingly difficult educational material I have coming up, but I’d be lying if I said I wasn’t excited too.

    So, you may be thinking “Good for you, but I don’t see what all this bragging has to do with the site.” My answer to that would be 1. I’m not nearly as great as all of the above makes me seem, and 2. This is the part where I’ll get into the future of this blog.

    Initially I thought I would be posting walkthroughs for HTB machines and Academy modules until receiving a very polite but firm cease and desist e-mail from them. Now I’m thinking my posts will cover my NDA-friendly thoughts on the courses and trainings I’ve taken, books I’ve read, personal projects I’ve undertaken, and content creators I follow all within the information security ecosystem.

    Here’s the current list I’m looking at of things I intend to cover:

    1. My experience taking the SEC501 course and GCED exam (broken down per book but not giving more detail of the contents than what’s on their public page)
    2. The same for SEC503 and the GCIA exam (again using their public page as my guide)
    3. Also covering SEC504 and the GCIH in a similar fashion (with this page as my guide)
    4. My review and thoughts on the book Countdown to Zero Day (and before you ask, no that’s not an affiliate link so I get no money if you use it to buy the book)
    5. Reading through the book Hands-On Hacking (from what I’ve read so far, it seems pretty legit)
    6. My experience taking the PEN-200 course from OffSec and the OSCP exam (being careful not to upset their legal department by saying too much)
    7. My thoughts and experiences with HTB Academy materials from the CJCA, CWES, CPTS, and CDSA curriculums (let’s see if I can get it right this time, lol)

    As far as 2025 goes, juggling this with my career, school, relationship, professional development goals, staying active, and hobbies seems like a full plate. Hopefully I’ll be able to finish the first 4 or 5 of those and complete a good amount of the latter 3 without taking too much time away from the other parts of my life.

    If all goes well I’ll eventually be able to put my MalDev Academy lifetime subscription (as well as my CodeCademy subscription, which I’ve already completed a good chunk of) to good use by working through that material too. That level of knowledge and experience with computing and information security is the goal!

    Additionally, my course plan for future semesters shows that I’ll be taking the GDSA, GPEN, GRTP, and GXPN courses so if you’re interested in reading what I have to say about those stay tuned!