security.crudtastic.com

Security Nerd Stuff

Browsing Posts published in August, 2009

So, I guess this isn’t really a security-related post … but someone will find it useful I hope! Earlier today I wanted to upgrade my little notebook to the latest version of Windows 7 .. but of course most netbooks don’t have a DVD drive so you need to boot it off a USB stick.

You will need the following to create this bootable USB stick:

  • USB stick (4GB will do just fine)
  • Vista or Windows 7 installation
  • Windows 7 media (can be used with Vista as well)

So first of all we need to format the USB stick .. Insert the usual rubbish about it wiping everything on the drive and to back it all up etc etc (LAME). You do this by doing the following

  1. Plug in your USB Flash Drive
  2. Open a command prompt as administrator (Right click on Start > All Programs > Accessories > Command Prompt and select “Run as administrator”)
  3. Find the drive number of your USB Drive by typing the following into the Command Prompt window:
    diskpart
    list disk

    The number of your USB drive will be listed. You’ll need this for the next step.  I’ll assume that the USB flash drive is disk 1.
  4. Format the drive by typing the next instructions into the same window. Replace the number “1” with the number of your disk below.
    select disk 1
    clean
    create partition primary
    select partition 1
    active
    format fs=NTFS
    assign
    exit
  5. When that is done you’ll have a formatted USB flash drive ready to be made bootable.

OK .. next we need to make the drive bootable .. this is pretty easy!

    1. Go to your Windows 7 install directory (on the DVD).
    2. Change directory to the DVD’s boot directory where bootsect lives:
      d:
      cd d:\boot
    3. Use bootsect to set the USB as a bootable NTFS drive prepared for a Vista/7 image. I’m assuming that your USB flash drive has been labeled disk G:\ by the computer:
      bootsect /nt60 g:
    4. We’re done for this part

The final step (apart from actually running the install) is to copy the contents of the Windows 7 DVD to the USB stick. You can use Windows explorer for this .. too easy huh?

Shove that USB stick into a netbook, power it up, make it boot from the USB stick and watch the magic of Windows 7 begin!!

That’s the basics .. if you have trouble with that you should see if there’s some video tutorials on youtube or something. Good luck team!
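The manual steps above as one script, added here as an example and not part of the original post: it refuses to run `clean` unless the disk number you pass is attached over USB, and shows the model and size before erasing. The parameter names, the temp-file name and the defaults D: and G: are assumptions taken from the post's own example values.

```powershell
# Added example, not from the original post. Assumed values: the Windows 7
# DVD is D:, the USB stick should become G:, and -DiskNumber is the number
# that diskpart's "list disk" showed for the stick.
param(
    [Parameter(Mandatory = $true)][int]$DiskNumber,
    [string]$DvdDrive  = 'D:',
    [string]$UsbLetter = 'G'
)

# diskpart and bootsect both need an elevated prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}

# Win32_DiskDrive.Index is the physical drive number, the same numbering
# "list disk" uses. Refuse anything that is not attached over USB so that
# "clean" cannot land on an internal drive.
$disk = Get-WmiObject Win32_DiskDrive | Where-Object { $_.Index -eq $DiskNumber }
if (-not $disk) { throw "Disk $DiskNumber not found." }
if ($disk.InterfaceType -ne 'USB') {
    throw "Disk $DiskNumber ($($disk.Model)) is $($disk.InterfaceType), not USB. Nothing changed."
}

# An external USB hard disk also passes the check above, so show what
# is about to be wiped and require an explicit confirmation.
$sizeGB = [math]::Round($disk.Size / 1GB, 1)
$answer = Read-Host "Erase disk $DiskNumber '$($disk.Model)' ($sizeGB GB)? Type ERASE to continue"
if ($answer -cne 'ERASE') { throw 'Cancelled; nothing was changed.' }

# Same diskpart commands as the manual steps, fed from a script file.
$dpScript = Join-Path $env:TEMP 'usb-prep.txt'
@(
    "select disk $DiskNumber", 'clean', 'create partition primary',
    'select partition 1', 'active', 'format fs=NTFS',
    "assign letter=$UsbLetter", 'exit'
) | Set-Content -Path $dpScript -Encoding ASCII

diskpart /s $dpScript
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE." }

# Write the Vista/7 boot code, then copy the DVD contents to the stick.
& "$DvdDrive\boot\bootsect.exe" /nt60 "${UsbLetter}:"
if ($LASTEXITCODE -ne 0) { throw "bootsect failed with exit code $LASTEXITCODE." }
xcopy "$DvdDrive\*.*" "${UsbLetter}:\" /e /h
```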

UPDATE – Exam is over and done with. I got 91% so I was really happy. Even though the SANS exams are open book exams, unless you know what you’re talking about and understand it you really aren’t going to do too brilliantly. I indexed the hell out of the 504 books which really helped, but there aren’t really too many questions that say What is XYZ where you can go and look up XYZ directly. The other thing is that the exams go for 4 hours (5 for the GSEC exam) and that in itself can be quite daunting! It really pays to use your 2 practice tests beforehand to get into the groove (I did mine on the 2 days before the exam). The practice tests will give you a fair indication of how you will perform in the final exam; at the end it gives you a print out of each section and how well you did, which makes it easy to know where to target to gain some extra marks.

All in all though, as long as you make sure you do enough work beforehand and know what you’re doing you should be fine. Make sure to take it easy during the exam, don’t rush (I have a tendency to do that – I did this exam in less than 2 hours, I did my CISA exam in 90 mins), and read all the questions carefully!

My final words about taking this SANS course as well would be that the On Demand bundle was absolutely brilliant! This is the first time I’ve had access to a SANS On Demand course (and only because I was a facilitator at the Canberra 2009 event), and I was really impressed with it. There’s a series of MP3 files that have been recorded during an actual class, and they are shown along with the slides used for the actual courses. At the end of each section there’s a mini quiz that you must get 80% on to move on to the next section; this ensures that you really do understand what you just watched before you move on.

All in all, I really enjoyed this course, probably more than any of the other ones I’ve done (even non SANS ones) and I really felt like I got some seriously useful hands-on knowledge that I can use in my daily job. Hopefully these notes will help anyone looking to do a GIAC GCIH .. or any other similar SANS or GIAC exam. Feel free to email me or post a comment if you need any other information about any of this stuff .. I’m more than happy to help!

So like last year, my lead up to sit my latest SANS exam has been a very last minute decision :( You can read about my follies last year HERE. Basically last year (for those who can’t be bothered reading my old post) I only had a week to study for the GIAC GSEC certification (SANS SEC401 Security Essentials Course). So I posted a few notes about how I was going to try and attack it and hopefully pass it. Well, I passed it and was pretty pleased with my results (you always know you can do better). Well, this year I’m getting ready to sit the GCIH (SANS SEC504) .. and guess what .. I have a week and a half to study!! hahhaha

So my crazy scheme is pretty much the same as last year, except I have an ace up my sleeve this year .. I have 4 full days in a row to study before the exam! I think I’ll be fine on this exam though. A lot of the content is tasks I do all the time in the office (and also a few good things I play around with at home). So let’s have a recap of how I’m going to attack this

  1. Create an index of all the books for easy reference during the exam
  2. Also mark the sections in the book with page tags (those little sticky notes)
  3. Read through all the slides again
  4. Sit a practice exam
  5. Read through the book again, picking up on parts that I did poorly on
  6. Sit a final practice exam (you only get 2)
  7. Repeat step 5
  8. Sit exam and do well/pass
  9. Celebrate
  10. Prepare for next certification/course

I won’t lie to you, there’s a lot of work to accomplish in a short amount of time. I really need to knuckle down and get into it (instead of writing a blog post about what I’m going to do). I feel really confident that I will pass this GIAC GCIH and hopefully even hit the magic marker to be a part of the GIAC Advisory Board.

I’ll let all you kids know how I go in a few weeks!

So, as you all know, I passed my ISACA CISA exam (woo yeah me) .. but that doesn’t mean it’s time to rest!

Next up (end of the month) I’m going to sit my GCIH certification (for the SANS SEC504 course) .. and then after that I’m going to have a crack at the Offensive Security – Pentesting with Backtrack certification (possibly with an old SANS chum – Chris).

This is from their website:

“Pentesting with BackTrack” (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.

“Pentesting with BackTrack” qualifies you for 40 ISC2 CPE Credits. This applies to students who submit their exercise documentation at the end of the course, or pass the certification challenge.

Let’s see how I go .. I could possibly crack and go mad – Here’s hoping!

I can now add CISA to my resume!

I got my results emailed to me during the night. For some reason the first thing I did when I woke up this morning was to check my email, and it said I had passed!

So I’m pretty much certified out now .. I still have to sit my GIAC GCIH exam from SANS Canberra this year (which I’m trying to get sorted out now).

Anyway .. if anyone is planning on sitting their CISM or CISA exams at the end of the year have a look through some of my old study notes for a few tips etc. If you have any more specific questions feel free to leave me a comment or send me an email.