I just returned from SANS Toronto 2008 SEC504, and it was great. There were ways it could have been better (most courses are like that), but overall, no complaints - UW's money was well-spent.
One comment I made a couple of times was I thought there should be more "this is what you can expect to see in your [log files | tcpdumps | whatever]", maybe at the cost of some of the slides on things like format strings and buffer overflows. While I realize that those are important for people to know about, I think the course title would be better reflected by a bit more "this is what you'll see" instruction and a bit less technical-but-not-very type instruction. Not a major change, maybe a dozen slides or so.
Being me, I had to point out a few typos and such, although I have to say the slides themselves and the supplementary comment were generally extremely well-edited.
Oh, and it didn't hurt that I won two books during the Capture the Flag competition today - one for being the first to find a flag on one of the Linux boxes, and the other for getting the final flag first. So I have a copy of Malware: Fighting Malicious Code and Counter Hack Reloaded, the latter signed by Ed Skoudis and Bryce Galbraith (my course instructor).
Everything people say about SANS courses being like drinking from a fire hose is correct though; there was a lot of material covered in 5 days. (It's a six-day course, but the last day is the CTF lab.) While it's true that you don't need (m)any Linux skillz for this one, trust me - it helps; you're not wondering what he's talking about and trying to figure out syntax. The fellow behind me hadn't touched a Unix machine in 8 years, and was having a hard time of it; part of the reason I got the secret stuff first was I didn't have to fumble about just trying to remember how to cat a file or work gcc. Hardly l33t, but it's easy to forget how tricky that can be to somebody who's also trying to take in tons of other new material.
Now I need to take a day to rest my brane, and then organise my notes so I know what to start whining about at work.