Passed GPEN

Ac3Ac3 Registered Users Posts: 4 ■□□□□□□□□□
Hi Guys,

Another lurker here in the forum and now doing its first post to join the fray. Been here for few months and now going to be part of this community! I owe this all to you guys..

First of all, thank you very much for providing all the name of the books, materials and insights on how to pass GIAC Exams. This website rocks!

Now let me tell you my story for GPEN. I don't see this certification being taken much on here.

I have worked as a workstudy for this course last year. An awesome experience for anyone who wants to venture on GIAC exams. You will not regret it! promise..

Materials Used.
1. Your own SANS Index - This is a must! you need to create the SANS index on your own. This is to familiarize yourself with the book and where those information are located. My index was 40 pages long.

Interest Book Details Information
802.11 handshake B5-12 PRobe authenticate associate
ACK scan B2-31 ACK- Acknowledging packets

NOte: I got this there from one of the poster. Sorry if i forgot who was it from. Thank you very much!

2. Red Team Field Manual - For providing the quick command lookups. This is very handy
3. My own version of the Red Team field Manual - UPdated it to include scapy, those metasploit minutes, any ********** from SANS itself and some theories from the book. You can also add those quick notes. Those info which are not part of the REd Team Field Manual, i had added it there.
4. Ethical Hacking and PEnetration Testing Guide - Rafay BAloch
I find this similar to the SANS material. Highly recommended.
5. Penetration Testing : A Hands-On Introduction to Hacking by Georgia Weidman
This is also good. I find all the labs here easy to follow
6. Metasploitable and Kali LInux
Doing labs.. you need to learn the tools by heart.
7. SANS Materials
Since i was with the workstudy, I had the chance to gain access on the OnDemand Materials, Books and MP3s. I listened to the MP3 on my way to work and do the labs after office. You really devote time here.

9. Metasploit unleashed
For metasploit sections.

Experience on the Exam
I did have 2 practice exam before the actual exam.
My first attemps - Failed - 70 . Didnt use any materials. I did panicked alot and had a lot of mistakes. DId this 2 weeks before the actual exam. This gave me time to identify my weakness and rectify it before the big day
2nd Attempt - Passed on the practice exam - 86 - This time i did use all materials. More calm than ever and able to go through it smoothly. Took this 5 days before the big day.
Actual Exam - Passed it and around 80. I noticed this exam really caters on those seasonal pentester. More on tools and how you use it. You really need to know the tools and those sections by heart. Think about doing your pentest answering WHY you use this settings. WHY this turn out to be this.. WHAT will happened if you use this. You need to deep dive on your tools and not just run it and leave it. real life Experience + Index is your main arsenal. The exam is similar to the practice exam. DO NOT MEMORIZE the practice exams. Learn each sections. You need to have a hands on experience on all the tools presented on those books above. Practice Practice and PRactice.

My experience
A sysad guy who just started infosec. Did cehv8 last year and now doing GIAC Exams.


What is next for me?
Rest for a while then go for another GIAC Exam. or probably OSCP

Glad to be here at


Sign In or Register to comment.