I feel like I have a better handle on the packet analysis stuff – enough for this exam at any rate. Either way, I need to move on and work on making sure I’m fresh on the various labs for GCIH and GSEC. The main SANS GSE page lists some tools specifically; it’s time to go over those.

There is specific mention of office LibreOffice – something I’m not terribly excited about. Don’t get me wrong, open source is great, I just have an issue with office applications that have a tendency of crashing while I’m trying to write a report in them.

So, it’s on to creating flash cards for the most common command tools and ones specifically mentioned on the SANS GSE page. The below are ones I’m not totally comfortable on – basic unix commands like cd, rm, chmod, useradd I’m totally skipping. Some are rather extensive. The windows ‘net’ and ‘netsh’ commands have tons of options. . . Then there is PowerShell. Anyway, in rough order of perceived importance:

  • namp/nmapfe/zenmap
  • snort
  • GPG
  • iptables (probably only filter rules, not mangle or nat)
  • snort
  • tcpdump / tshark
  • Putty / ssh
  • winscp (I’ll do scp too)
  • netcat (I’m good with the standard stuff, but the ns scan methods and backpipe pivot . . not so much. Also, very handy when copy/paste fails in VMs)

Others I’ll include:

  • p0f
  • net (use, user)
  • netsh (advfirewall firewall set rule, )
  • powershell (well, that narrows this down, amirite? Searching for events, process list)
  • wmic (probably not a big concern – they aren’t going to have a 20+ node windows domain to look for a process on)

And still others:

  • dumpsec
  • mbsa (Microsoft Baseline Security Analyzer)
  • enum
  • Cain
  • md5sum
  • dd
  • jtr
  • stools/stegdetect. . . ?
  • apt/yum