Certified: SANS GIAC GSEC Audio Course

Episode 90 — Exam Acronyms and Essential Terms: High-Yield Glossary for GIAC GSEC

This episode consolidates high-yield acronyms and essential terms into a practical exam-readiness review, focusing on precision and context because GSEC questions often turn on subtle wording differences and overlapping definitions. You’ll connect common security vocabulary across access control, networking, cryptography, monitoring, incident response, and governance, and you’ll practice distinguishing terms that are frequently confused, such as authentication versus authorization, hashing versus encryption, stateful versus stateless filtering, and policy versus standard versus procedure. We’ll use short scenario-style cues to show how the exam signals which term it is really testing, and we’ll reinforce best practices for eliminating distractors by matching the term to the control objective and the failure mode described. The goal is not memorization in isolation, but faster recognition and more consistent answer selection under time pressure, with emphasis on reading carefully, identifying scope, and validating the most defensible interpretation of the question stem. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.

Episode 89 — Audit Windows and Use PowerShell Safely: Telemetry, Basics, and Forensic Readiness

This episode explains Windows auditing and PowerShell safety as two sides of the same operational reality: PowerShell is a legitimate admin tool and a common attacker tool, so visibility and discipline must be built in from the start, which is a frequent GSEC scenario pattern. You’ll learn what useful Windows telemetry looks like for investigations, including authentication events, privilege changes, process and service activity, and script execution evidence, then connect that to how PowerShell can be used for automation, remote administration, and also living-off-the-land attacks. We’ll use scenarios like suspicious remote script execution, encoded command usage, and abnormal administrative activity that blends with normal operations, then focus on best practices such as restricting who can run privileged scripts, using signed scripts where feasible, monitoring high-risk execution patterns, and ensuring logs are centrally collected and retained. Troubleshooting includes determining whether a PowerShell alert is benign automation or malicious activity, validating that audit policies are actually enabled, and ensuring systems are time-synced and configured so event records support reliable timelines. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.

Episode 88 — Enforce Windows Security Policy: Group Policy Concepts and INF Template Thinking

This episode focuses on Windows policy enforcement through Group Policy concepts and template-style configuration thinking, aligning with GSEC questions that test whether you understand how consistent settings are applied and audited at scale. You’ll connect policy objects to organizational units, inheritance, and precedence, then explain why policy design affects both security and operational stability when settings collide or are overridden by local changes. We’ll discuss security baselines as standardized configurations that reduce drift, and how template-driven approaches help ensure repeatability, evidence, and quick recovery when systems deviate from approved settings. Scenarios include enforcing password and lockout policies, restricting local admin rights, hardening auditing settings, and applying firewall configurations across fleets, with troubleshooting guidance for common problems like policy not applying due to scope, conflicting settings, slow refresh cycles, or mislinked objects. Best practices emphasize change control, staged deployment, verification through reporting, and documentation that ties each policy to a control objective and a measurable security outcome. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.

Episode 87 — Apply Windows Access Controls Correctly: NTFS, Shares, Registry, AD, and Privileges

This episode explains Windows access controls as layered enforcement mechanisms that must align, which is a common GSEC exam trap when questions mix NTFS permissions, share permissions, registry permissions, and directory-based authorization. You’ll learn how NTFS controls protect files and folders, how share permissions add an additional layer for network access, and why the effective permission is the intersection of both, not whichever looks more permissive in isolation. We’ll connect registry access to system integrity and persistence risk, and we’ll explain how Active Directory permissions and privilege assignments can enable powerful actions even when file access seems locked down. Scenarios include a file share exposed more broadly than intended, a user able to modify a service configuration through permissions inheritance, and a troubleshooting case where access is denied because of conflicting share and NTFS settings. Best practices emphasize role-based group assignment, minimal explicit denies, careful inheritance design, separation of administrative accounts, and verification of effective permissions using real access tests and logs rather than assumptions based on one configuration screen. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.

Episode 86 — Understand Windows Security Infrastructure: Accounts, Groups, Domains, and Trust Relationships

This episode builds an exam-ready understanding of Windows security infrastructure by focusing on how accounts, groups, and domain relationships determine access and attack paths, which is central to many GSEC scenario questions. You’ll review local versus domain identities, how group membership drives privileges, and why domain architecture and trust relationships can extend both capability and risk across environments. We’ll discuss how attackers exploit weak identity hygiene through credential theft, excessive group membership, shared admin usage, and poorly controlled trusts that enable lateral movement. Scenarios include a workstation compromise that escalates via cached credentials, an admin group that unintentionally includes non-admin users through nesting, and a trust that allows access where segmentation and policy assumed separation. Best practices emphasize least privilege group design, clear administrative tiers, strong authentication for privileged accounts, and logging that supports attribution of high-impact actions, with troubleshooting guidance for interpreting access failures without “fixing” them by granting broad permissions that create persistent risk. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.