Got Ubuntu server 15 installed. Looking at Mutillidae for testing things like SQL injection and XSS. There is a version bundled as a VM called mesploitable, but there is an issue with the database name in a config (fixed, not horrible, but annoying). The big issue is that there is a newer version of Mutillidae out there and I’d rather use that. After installing it, finding and changing Database name, user password, etc – it doesn’t really work with the database components. . . . blah. Maybe I’ll just install it on the Ubuntu server.

Work continues on flash cards, the nmap one keeps growing and I still need to add nmap scripting engine stuff. There is a great SANS reading room page on nmap windows scanning here: https://www.sans.org/reading-room/whitepapers/testing/scanning-windows-deeper-nmap-scanning-engine-33138 Besides that, running all the commands mentioned before and understanding how they work is the task for now. My understanding is that the SANS GSE is somewhat time sensitive, and not having to lookup command syntax will save a good amount of time. Just as long as there is no expectation of blurting out an esoteric tar command off the cuff, right?

I’ve been in touch with a few other candidates that will be sitting the same day. Most seem to be about as prepared as I am. There were a few candidates a year or two ago that built a 100-page-ish GSE study guide and posted it to the Google groups page. There is a lot of stuff in there.