SANS Institute is once again offering our best special offers of the year, and will be offering a variety of devices and discounts to choose from in the coming weeks. Now through December 8, register for a 4-6 day SANS training course and get your choice between an 11" iPad Pro with Magic Keyboard, a Microsoft Surface Pro X, a free GIAC attempt, or $350 off the price of training. You can read about the terms and conditions associated with this offer, as well as find the promo codes for each selection here.
How do you choose? In case you need some help, 14 of SANS' expert instructors have offered up some of their thoughts below on how they would choose between these devices and what they might use their selected device to do in order to get the most out of them.
Tinkering is always a way that I personally learn. I can only get so much from reading details. I need to get in and get my hands dirty. Virtualization has done a lot for us to make it easier to create a home lab without too many problems. But there is always a place for real devices. I am a packrat sometimes when it comes to technology and keeping old systems and devices around. I have several boxes of devices, tablets, laptops (there is even an old Samsung flip phone in there) that every now and then I dig into. Why? Because there ends up being a need for the physical device to try something. Test something. Or just "we have XXX in the environment, but we have no clue about it."
And putting on my MGT516 hat, I always want to see how something that isn’t able to be patched, running an old Android or an old version macOS, reacts to this problem. Can it be attacked? Or a BIOS attack, or things that I cannot do otherwise. Our networks have a lot of legacy devices that we are using in production. And with people working remotely more and more, what I need to understand continues to expand. By being able to test a wide variety of devices, I can see how various devices respond to a specific tool or situation. Do things break? I have crashed production core switches due to devices that are “sensitive” to specific packets. Understanding how some devices do respond to scans or automated checking or whatever our tools want to do, gives me an understanding of what 'could' happen when it used in real life.
And the OnDemand mobile app is pretty slick. A new device would make my life so much easier to leverage courses on that platform.
Creating my own home lab was fundamental to starting and developing my cybersecurity career. What I love about devices like these is you can do everything from learning how devices connect to and communicate on wireless networks, to more advanced networking and system activities such as setting up your own DNS, Webserver, or Mailserver. Once you have a home lab configured, run various tools to monitor, deconstruct and analyze the network activity, from network sensors such as Snort or Wireshark to more active scanning such as Nmap. Then run your own attacks and deconstruct those attacks, both from a network and system level. The fundamentals you learn from creating, interacting and managing such a home environment will give you the technical skills you need to succeed as a security professional.
One great way to expand your knowledge is to choose a device with an operating system you aren’t familiar with or don’t use daily and put it through its paces - Android people, get an iOS device and vice versa.
I have always enjoyed a good book in the evenings. Although they usually are of the science fiction genre, I have a few shelves of pen testing, defensive, coding and malware analysis books that I'm always reaching for while work. When I finally purchased an iPad, it opened up a whole new world of always having the right virtual book on hand when I need it most, whether it’s at home, the office, or boarding a flight to a client site and I need to refresh on a new subject. The iPad has become by work library to go.
But SANS really has really upped their game in providing content to students. Those huge stacks of SANS books are also available to students in electronic form. Loading them into the iPad gives you the highest quality of content all in your fingertips.
And after reading about a new pen testing technique, clip on that Magic Keyboard, and log into your network and go try it out.
Devices such as iPads and Galaxy Tablets are often on the exceptions list of Network Access Control (NAC) devices, allowing network access without having to authenticate to a captive portal server. Physically having one of these devices allows you to practice trying to emulate it with tools such as Scapy. This can potentially allow a penetration tester access to a target environment using a Linux OS, without having to authenticate.
I use mine for the course PDFs and references while doing the awesome exercises. This way, I have my desktop maximized for the virtual machines I'm using.
Turn your new iPad Pro into your InfoSec Career Secret Weapon. Use Sidecar to turn your iPad into an extra, portable monitor for your Mac. This is great for technical documentation while you are coding or having your class books up while making flash cards to study for a GIAC exam. The app Procreate is amazing for creating network and application diagrams (especially if you have an Apple Pencil). Use OmniFocus to master the ways of Getting Things Done and send your productivity level to the moon. Take pictures of whiteboards and save them to annotate later in the native Photos app. With your new iPad, you can boost your effectiveness, productivity, and creativity to help you have a more enjoyable InfoSec career.
The deeper you dive into how a computer program works, the more you find yourself reading articles, books, and looking up concepts and techniques. In SEC660, we spend over two days elbow-deep in assembly code, trying to understand what goes on in that processor at the moment of memory corruption. You'll want to read up on the inner workings of that beast pretty quickly. I wouldn't travel without my iPad to read assembly language e-books and articles I set aside during the year, and just dig through C code and disassembled executables trying to make sense of their logic and hunting for exploitable conditions.
11" tablet is probably the perfect size for accessing the PDFs for the class books. I use the built in Books app - but I wonder if a separate app created to store all of your SANS coursebooks and cache your password would be useful? Ooohh – I got it – a SANS Cheat Sheet App!
These mobile devices are great testing targets to put in practice your mobile offensive, pen-testing and research skills and knowledge against both modern mobile platforms, iOS or Android, without putting at risk your production devices. In the SEC575 Mobile Pen-testing and Ethical Hacking course we cover multiple attack vectors you can try against your new mobile device, or the apps running within, no matter if it is iOS or Android based, or against the new mobile devices from your colleagues registering for other SANS classes… with their authorisation, of course ;-). Never stop practicing and improving your hands-on skills...
I would use the hardware to first of all, perhaps learn something new and explore a bit. With Samsung Tablet I would explore some of the other app-stores, perhaps work on a way to use the ADB to automatically fetch packages, disassemble them and look for interesting strings and static code analysis. For the iPad I would first of all learn the operating system, it would likely be helpful for me to better understand the attack surface and other struggles people around me might face with the device.
I mean, you can use it with the updated OnDemand mobile platform. Or, umm... Squid Game? (-:
“An Android tablet is an awesome way to perform quick wireless assessments. You can inventory APs and client devices, discover hidden (and potentially malicious) networks, and even map your findings to the physical world by taking your tablet on the move. Add in the ability to load up a Linux distribution and scripting languages like Python, and a well-equipped Android tablet can be a great way to access your favorite tools without lugging your workstation around; a real asset in maintaining stealth during an on-site penetration test.”
You can use the iPad/Galaxy as a second monitor in class using sidecar or a similar technology. We recommend bringing a second monitor for labs, etc.