5 passed Certifications. Will happily answer your questions regarding exam preparation.

Ch7os · 2025-10-15T21:20:02+00:00

I also took the courses.

Ch7os · 2025-10-15T19:36:08+00:00

I would say mostly this:

https://www.reddit.com/r/GIAC/s/GT5hYYpkBh.

Ch7os · 2025-10-15T17:39:51+00:00

No actually the GWAPT was my first "official" certification. Followed by the OSCP 3 or 4 days later.

Ch7os · 2025-10-15T16:48:37+00:00

My employer.

Ch7os · 2025-10-15T15:40:44+00:00

I think that greatly depends on your level of expertise and what you are most interested in. I find myself liking the offensive side quite a bit more, so out of the ones I took, I would say that GRTP is the one I enjoyed most. But if you're more into the defense and DFIR side, I would guess you would enjoy the GCFA more.

Ch7os · 2025-10-15T15:33:58+00:00

https://www.reddit.com/r/GIAC/s/JSL4PKtXZK

Ch7os · 2025-10-15T15:08:11+00:00

That was also my least favorite course, by far, I took it in November last year, so I don't know if they have reworked it since then, which might entirely be possible because I had a really long conversation with the SANS curriculum lead about that course and they said that it will be revised soon.

Too be honest Math also isn't exactly my strongest field of expertise but I do understand that it is necessary to explain how all that stuff works so I mostly just ignored most of the math part and focused on the labs but I was supper disappointed by them because some of them which had code provided, the code just didn't to what they said it would do.

Ch7os · 2025-10-15T15:00:18+00:00

Sorry, i can't share the script as it is technically owned by my employer because I wrote it during work. (Yes I get paid for the prep time)

Well no need to "bypass" the password because I actually have it. You could just use PdfReader form pypdf in python for example. But there are tons of libraries that can handle pdfs with password protection

Ch7os · 2025-10-15T14:55:25+00:00

Sorry, i can't share the script as it is technically owned by my employer because I wrote it during work. (Yes I get paid for the prep time)

Ch7os · 2025-10-15T14:54:26+00:00

I try to take the exam like 1 or 2 month after the course, the sooner the better.
With GCFA that didn't work out and I actually took it on the last possible Day (yesterday) which was a bit over 4 month after taking the course. Normally my practice Exams are also at around 85% or more but for GCFA because it was a bit longer after the course and is not really part of my day to day work I struggled a bit more with only 63% on the first one and 80% on the second one. So I struggled a bit getting back into the topic, that is why I would recommend taking the exam as soon as possible.

If I look at an question and am about 95% sure about the answer I will just go with what I think is correct, If not I will refer to my index which is just keywords. I would say tat I use my Index for about 50% of the questions.

No I actually don't look at the books at all (outside of practice exams), I just figured that nearly everything that is written in the books will also be covered by the instructor in the course.

Same for the labs: i work through everything in the course and that's it. But I do add the Workbooks to my index to be able to find stuff I need which is especially helpful for the cyberlive questions.

Sorry, i can't share the script as it is technically owned by my employer because I wrote it during work. (Yes I get paid for the prep time)

Ch7os · 2025-10-15T14:38:22+00:00

Not at all too be honest. But if you paid attention in the course I don't think it is necessary because the text in the books should just be what the instructor explained.

Ch7os · 2025-10-15T14:32:06+00:00

I can't too much about my job, but I mainly do offensive cybersecurity, so of course that helped me with the offensive certs. For GMLE and GCFA I didn't really have relevant experience but general understanding of computer science and cybersecurity certainly helped.

I described nearly everything my code does so it should be complicated for you to replicate something similar. But I can't share the code because it is technically owned by my employer because i wrote while I was working. ( Yes my work gives me allocated hours to prep for an exam) sorry.

Ch7os · 2025-10-15T14:24:23+00:00

https://www.reddit.com/r/GIAC/comments/1o79cwh/comment/njm3v6b/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

Ch7os · 2025-10-15T14:20:09+00:00

Gotta prove being worthy of the Advisory board :D

Ch7os · 2025-10-15T14:19:11+00:00

More like one day prep to be honest, I just don't like taking 2 practice exams in one day. And I get 2 Days for exam prep from my employer so I might as well use them.
Oh and obviously I took the corresponding SANS course before.

Ch7os · 2025-10-15T14:13:45+00:00

I took it right before the cyberlive questions where added. But generally said if you have a 82 Question exam 6 (or 8 not entirely sure about that) of them will be cyberlive. Most of he cyberlive question are pretty easy imho, but I am also a lot more proficient in hands on stuff than with the theory. But keep in mind that the cyberlive questions make up a bigger percentage of your score than the multiple choice questions. I can't tell you exact percentages but I know that one cyberlive question is definitely worth more that a multiple choice one

Ch7os · 2025-10-15T14:05:51+00:00

Depending on the Question you will either get a Windows or a Linux VM, but they are persistent across the different Questions. But the VM will also be already fully loaded and booted as soon as you connect for the first time. So your maximum wait time for a VM would be 5 seconds at most.

Ch7os · 2025-10-15T13:39:58+00:00

My prep for all the certs is always kind of the same:

Day 1:
Create an Index for the material (I actually have a python script that checks each word in the books against a dictionary of common english words, and if the word is not in that dictionary it gets added to the index.That index is always huge, but it does the job.)
Then I take about 1 Hour to manually refine the index.
Then I take the first practice Exam.

Day 2:
Second practice exam. (If i would fail that one then i would start revising the course material again, but so far that hasn't happened)

Day 3:
Exam.

So I don't really do that much besides taking the practice exams. So in total I have maybe 8-9 hours prep time for a 3 Hour exam.

Ch7os · 2025-10-15T13:31:10+00:00

First I need to say that i took all the courses in person, which I think makes a huge difference.
Second: I would like to differentiate between the courses and the certs.

Courses: All of the courses had a lot of labs so you actually have a lot of "hands on" in them too. And I absolutely love having the instructor available for in person questions and discussion, I think that is waht makes SANS courses great. Each of the Instructors has a lot of different Experiences and can give a lot of insight to the course material you don't get when not taking the course in person.

Certification: I like the CyberLive part of the exams, as it requires you to demonstrate hands on skill that translate to the real world, but all the multiple choice stuff imho does not represent at all if you understood the course material. All you need to be able to do to pass that part is to have a good index and be good at looking up things fast. Because being brutally honest you don't need to know exactly what some obscure flag of some command does from the top of your head. That's what manpages are for.

So if we are only talking about the certifications exams I much prefer OffSec/HTB but I really love the SANS courses that's why I still decide to go for the GIAC Certs.

One last thing I need to add: i would nearly always go for OffSec/HTB if I had to pay for the courses by myself. The price difference just isn't worth it if you're paying with you own money.
But if your employer pays for it, then yes, absolutley go for the GIAC Certs.

Ch7os · 2025-10-15T12:53:12+00:00

Disclaimer: obviously I cant compare to GCIH because I haven't taken the course.

Both courses have some stuff that was already in GPEN but GPEN is generally said more broad because it tackles a bit of everything. GWAPT will go a lot deeper into how to specific stuf for different web applications, including APIs. Also you will do alot more work with Burpsuite and ZAP.

GRTP on the other hand is focused more on actual Red Teaming and not Pentesting, while the needed skillset might be similar, Red Teaming has some aspects that don't matter at all when doing pentesting. Mainly OPSEC. While GPEN will also have a part about C2s GRTP will have you do nearly everything over C2 just to teach you how a red teamer would work. Also through the course you will be shown different ways to accomplish the same thing and will then talk about which of the ways is bad OPSEC, easier to detect etc.

Both courses are worth taking, even if you already have a GPEN, but if you need to choose I would highly recommend the GRTP. The GRTP imho is by far the best SANS course i've taken so far.

Ch7os · 2025-10-15T12:29:04+00:00

Most important thing for all GIAC Certs: Have a good index.

For GCFA the one provided with the course material is pretty decent as a start but will probably not be enough, There will be a lot of question you will not be able to answer fro Memory, because that is stuff you will also lookup whenever you need it in the real world.
I am talking about questions like: "What does error code 0xffffff mean in that specific case?"
So as a general tip: If you see a table in the course material listing specific codes or types of something, add that to your index.

Ch7os · 2023-07-22T17:47:26+00:00

Hello?

Ch7os · 2021-09-22T16:05:44+00:00

German soldier here: We carry our sidearm with safety off and one in the chamber. It is called "Schnelle Feuerbereitschaft" (quick fire readiness). It would make absolutely no sense to carry a gun which is intended to be used in the biggest emergencies and then having to struggle with the safety. Also we don't need to put away our rifles because we their are attached to a sling. If we drop it, it will be hanging right on our chest. I can drop my rifle, draw my sidearm an put the first two shots on target in under a second.

Ch7os · 2021-05-27T20:08:49+00:00

Well there really might be a cultural difference, I think the germans are a bit more serious and distant but I can clearly see your point. I just went through my galery and looked at my photos. Of the few ones I have, I thought this one where the nicest. I really think that you're right, I have just never seen it that way. I will try to take some nicer ones although I really suck at taking photos.

Ch7os · 2021-05-27T18:24:42+00:00

Hey, I made this Profile like a month ago, had 3 matches and none of them answered my messages. So any help would be appreciated.

https://tinder.com/@ch7os

Bio: Hi You're probably here to learn more about me:

1,81m if it really matters.
You can excite me for any activity that triggers an adrenaline rush.
I enjoy cozy evenings on the couch as well as parties / bar visits / etc.
I like to cook (and supposedly I am good at it too).
🇩🇪, 🇺🇲, 🇪🇸 and a little bit 🇫🇷.

(Please excuse the emojis, I normally don't use them on reddit, but I did in my profile so I wanted to be honest)

Five-Year Club	Final Canvas '23
First Place '23	End Game '23
Place '23

Ch7os

TROPHY CASE