
GCFA Study Plan 🗒

This is my GCFA study plan. I hope it will help me in organising and prioritising the topics to learn and also in estimating the time I need to get ready. There are two plans that I have used: the exam plan and the official course plan. The exam description page states that:

No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.

Advanced Incident Response & Threat Hunting

Legend

Below is the skeleton from the SANS FOR508 course description. I am using it to make up my study plan. For each step of this plan I estimate my current level of training, and I am also collecting resources for this topic under Resources.

🫑 - level 0. I know nothing, not even where to start. I might have some embarrassingly fundamental knowledge which is not good enough even for a start.

Intrusion analysis 🛠️


Memory Forensics in Incident Response and Threat Hunting 🗓


Timeline Analysis ⏱


Incident Response & Hunting Across the Enterprise | Advanced Adversary & Anti-Forensics Detection


The APT Threat Group Incident Response Challenge 👯‍♀️


Sample Questions

  1. List of tools
  2. List of registry entries
  3. List of known malware and IoCs
  4. Terminology
  5. List of artefacts (Windows and Linux)
  6. List of attacks
  7. List of scans and their footprint (try to map them against different OSes and log the results)
  8. Re-read those diaries, they might be of help
  9. Configure the laboratory (the Windows machines I have + WinXP + Linux Hacking + Linux Kali)
  10. Install a WinServer VM with AD and learn the basics (maybe a Udemy course + Hahacking + questions)

Which of the following encryption methods use the RC4 technology?