GSE Skillset
Intrusion Detection Skills
- Identify specific attacks by analyzing network traffic with tcpdump.
- Dissect a datagram using tcpdump.
- Identify and interpret normal and abnormal IP header fields.
- Be able to craft packets using different tools.
- Analyze a packet header using tcpdump.
- Identify and interpret normal and abnormal TCP fields.
- Identify and analyze specific exploits.
- Identify and analyze fragmentation-based attacks.
- Detect and identify reconnaissance attempts.
- Be able to use and configure Snort.
If you need to brush up on these skills, you can get them by taking the SANS SEC503 course or other training, using reference materials, and applying your professional skills.
Incident Handling Skills
- Be able to identify backdoors on a system and how to remove them.
- Properly use tools such as inetd, tftp, Netcat and Xterm to gain backdoor access to a host.
- Properly use Administrator passwords on Windows shares to spawn a Netcat shell and identify means to defend against it.
- Be able to distinguish incidents from events and how to properly handle an incident.
- Be able to use various tools to capture and crack password hashes from local and remote systems.
- How to port scan remote systems and properly analyze the results for later use.
- How to conduct active and passive OS fingerprinting against local and remote systems and interpret the results.
- How to initiate, identify, and defend against session hijacking attacks.
- Be able to identify, contain, and remove various types of malicious code from a system.
- Be able to use Metasploit.
- Be able to use Nessus.
- Be able to follow the incident handling process and analyze logs/data collected from an actual incident.
If you need to brush up on these skills, you can get them by taking the SANS SEC504 course or other training, using reference materials, and applying your professional skills.
General Security Skills
- Identify common attack methods and understand how to mitigate them.
- Be able to identify and implement basic firewalling strategies.
- Be able to properly archive or copy data from a single system and later restore and manipulate that data.
- Be able to work comfortably with key command line tools to manage and harden UNIX-based systems.
- Be able to properly secure Linux including parameters, file permissions, accounts, and warning banners.
- Be able to use built-in tools to properly audit Windows hosts.
- Be able to use built-in and third party tools to manage and harden Windows hosts.
- Be able to use iptables.
- Be able to use ssh.
- Be able to use gpg.
If you need to brush up on these skills, you can get them by taking the SANS SEC401 course or other training, using reference materials, and applying your professional skills.

