*Disclaimer: Because SANS and many other certification companies have strict integrity policies, I avoid any specifics on purpose, but as a result, this lends itself to being a training method for any open-book exam.
Earlier this year, I signed up for the SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking by SANS Security. Back in 2023, I obtained the OSCP by Offsec, and the GPEN is considered equal to that, so I decided to try the more advanced GXPN. It’s commonly accepted that SANS courses are more academic than the Offsec certifications and less hands-on. While I’ll leave the pros and cons of that to be discussed at a later time, what that means for us now is that we have to be able to organize our information effectively for SANS. All SANS exams (that I’m aware of) are open-book. The total content can quickly expand beyond 1,000 pages, so the exam being open-book only helps so much if you can’t find the information quickly.
There are many articles online about how to study and organize your information for SANS exams, but I did a slight twist on it. I’m a person who studies excessively for exams. Where most people will study for a month and jump in to take the exam, I’ll take 3 months to make sure I know everything. So naturally, I go overboard with my note-taking as well. We are going to break this down into four separate sections.
1. Highlighting and Indexing
I began my organizing, where most people would, by reading the content. I sat down at my desk and each night read about 50-75 pages with a highlighter in hand. I thought to myself that anything that could be an answer to an exam question I would highlight. I also had my laptop open when I was going through the content. When a major concept came up, I would enter the subject and page number into Excel. Once I finished a book, I put the content into two columns, printed it, and stapled it to the book's front cover. After I had what I referred to as my “Quick Index,” I created another Excel document, taking the title of each page and writing the page number next to it. Because these were much larger, they ended up being 2 pages. I printed those out in 2 columns and stapled them on the first and second pages of the book. These pages are usually boilerplate and don’t have any information related to the exam, so they are okay to cover. My theory is that I can quickly look at my index for the topic at hand, and if I don’t find it, I can resort to my complete index on the inside of the book. Because everything is highlighted, I can find the answer quickly, and with some luck, I will have highlighted it.
2. Commands and Scripts
The next document that I created for myself was a sheet of every command in the text. I started at book one and copied every command. Some of the commands are long and require you to truncate them. This isn’t an issue because we simply use them as a quick reference. Most of the books ended up fitting on a single page. If questions related to commands or syntax came up, instead of finding the subject, page, and then command, I could look at my commands and scripts sheet to quickly get the answer.
3. Quick Concepts
The next document that I created was Quick Concepts. This included various bits of information that I knew would be on the exam. Whenever I saw a chart, table, or anything like that, I would simplify it and add it to my Quick Concepts. If there were various modes, configurations, tools, and protocols, I would also put that in a section. We all know that in computer security, there can be a lot of variety, and having all this together can be useful. Below the concept, I would include the page and book in which that concept could be found.
4. The workbook
The workbook contains all the content for the step-by-step labs. This was the largest of the six books, so I wanted to organize it in a manageable way. SANS provided color post-it tabs, which I used to mark each lab page (for example, 1.1, 1.2, 1.3, etc.). On the front cover, I put the lab number, the lab name, the tool used in that lab, and the page on which the tool is used.
While it seems extensive, I believe that creating the organization is a form of studying in its own right. It’s beneficial when you are studying for an open-book exam, as knowing where the content is matters as much as the content itself. This method doesn’t only organize your information in various ways; it also creates a failsafe of sorts, so if you can’t remember what book a concept was in, you may know the tool it uses or where it is in your concept sheet and can find it that way.
If you have gotten this far, I hope you are doing well on your exam studying. These tests can take a lot of effort and be mentally draining. It’s important to remember that all of these exams are pools of questions and pools of machines. Sometimes, you get a set of easy questions, and sometimes you get the most obscure ones. That’s just how these go. Be sure to find a method of studying that works for you and, as I have done, adopt those known strategies. Good luck with advancing your cybersecurity career.