I’ve slacked off the past two weeks after the written test. Between end of semester and taking the GSE written I felt like I had earned some time off. I may not get started this weekend, but I do want to formulate my plan of attack for the lab in March.

I have Kali 1.0, but needed Fedora 20 (torrent link HERE: https://torrents.fedoraproject.org/).

I’ve started trolling through the giac-study Google group e-mails I’ve collected for GSE lab tips and tricks – there is some good (dated, but good) stuff in there. A notable quote: “If you don’t do IR as a day job, then continuous hands-on practice is the only way to pass the two day exam. Practice all the hands-on labs until you can do them without the books”. Another suggests making sure you are especially familiar with Wireshark (including extended features, analysis and extraction abilities), Metasploit (including the tasks performed in the lab sessions of GCIH), and command line tools. Suggestions for practice from various sources follow; they are mostly packet analysis/network forensics based, the topic I feel weakest on:

A big list of pcap files to look at/ analyze from CTF events, honeypots, etc: http://www.netresec.com/?page=PcapFiles

Cheat sheets:

additional education training/videos:

additional challenges, including walkthroughs (not free; I don’t know much about this other than that they run a contest at DEF CON):

My first order of business is to improve my packet analysis skills. I can do some generic BPF filtering, but the additional features of Wireshark and tshark I’m still fuzzy on... I also need to get SiLK and Bro better in my head – specifically when, where, and how to use them.
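As a practice aid for the packet-analysis gap above, here is an added example that is not part of the original post: it builds a tiny pcap in memory, parses the libpcap record format and Ethernet/IPv4/TCP/UDP headers by hand, applies the same primitives a BPF capture filter such as `tcp port 80` uses, and pulls out the HTTP request line the way `tshark -Y http.request -T fields -e http.request.line` would. The capture, hosts (10.0.0.0/24 and 203.0.113.10), MAC addresses and payloads are all constructed for the example. One caveat worth keeping in mind when practising: BPF (`tcpdump`/`tshark -f`) decides what is captured and only sees raw header bytes, while Wireshark/tshark display filters (`-Y`, e.g. `http.request`) run over the fully dissected packet; the filter below is the BPF-style kind.

```python
"""Constructed-pcap walkthrough: build a small capture, parse it, filter it."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def _ipv4_header(src, dst, proto, payload_len):
    # IP checksum left at 0: Wireshark flags it but still dissects the packet.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def build_frame(src, dst, proto, sport, dport, payload):
    """Ethernet/IPv4/{TCP,UDP} frame with a constant made-up MAC pair."""
    if proto == PROTO_TCP:
        # seq=1, ack=0, data offset 5 words, flags PSH|ACK, window 8192
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0)
    elif proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("unsupported protocol")
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + _ipv4_header(src, dst, proto, len(l4) + len(payload)) + l4 + payload


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Return one dict per IPv4 record: timestamp, 5-tuple and L4 payload."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the writer
    off, pkts = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue                                 # ARP, IPv6, etc. skipped here
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]   # honour IP total length
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        l4 = ip[ihl:]
        sport, dport = struct.unpack("!HH", l4[:4])
        l4_hdr = (l4[12] >> 4) * 4 if proto == PROTO_TCP else 8
        pkts.append({"ts": ts_sec + ts_usec / 1e6,
                     "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
                     "proto": proto, "sport": sport, "dport": dport, "payload": l4[l4_hdr:]})
    return pkts


def bpf_filter(pkts, proto=None, port=None, host=None):
    """Subset of BPF primitives ('tcp', 'port N', 'host A'), ANDed together."""
    return [p for p in pkts
            if (proto is None or p["proto"] == proto)
            and (port is None or port in (p["sport"], p["dport"]))
            and (host is None or host in (p["src"], p["dst"]))]


def http_request_lines(pkts):
    """Extraction step: first line of every HTTP request carried over TCP/80."""
    lines = []
    for p in bpf_filter(pkts, proto=PROTO_TCP, port=80):
        first = p["payload"].split(b"\r\n", 1)[0]
        if first.split(b" ")[0] in (b"GET", b"POST", b"HEAD"):
            lines.append(first.decode("ascii"))
    return lines


# Constructed four-packet capture: an HTTP exchange, a DNS query, a TLS hello.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "203.0.113.10", PROTO_TCP, 49152, 80,
                b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame("203.0.113.10", "10.0.0.5", PROTO_TCP, 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 53000, 53, b"\x12\x34\x01\x00"),
    build_frame("10.0.0.9", "203.0.113.10", PROTO_TCP, 40000, 443, b"\x16\x03\x01"),
])

if __name__ == "__main__":
    packets = parse_pcap(SAMPLE_PCAP)
    print(len(packets), "packets;",
          len(bpf_filter(packets, proto=PROTO_TCP, port=80)), "match 'tcp port 80'")
    print(http_request_lines(packets))
```

Write `SAMPLE_PCAP` to a file and open it in Wireshark to compare the hand-parsed 5-tuples against the dissector's; the zeroed checksums are a good reminder that a capture can be structurally valid and still not be something a real host would have accepted.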