SANS GPEN Supplemental resources/study guides/the whole kit and kaboodle :)

[Deleted User]

Hey Forum

So I have started my journey to become a penetration tester and have been taking the OSCP course and I paid for a GPEN exam attempt as well (ouch my pocket hurts from the 3rd degree burn ) I am almost done with the OSCP course videos/handbook I have ch 13 and 18 left to do and then just hack away in the labs! But anywho, I have a small library of penetration testing books ranging from The Hacker Playbook2, the Georgia Wideman book, Multiple books from Packt publishing with Kali linux the security testing books by Daniel Dieterle and a few books on Python for pen testers. I also purchased a few courses on penetration testing from SkillWise/Udemy (I believe that is the name) I also was able to snag a copy of the SANS SEC560 courseware from ebay as well (ssshhh don't tell)

With that said, what other materials are highly looked upon when preparing for OSCP and GPEN? Don't want to fail these exams as they cost me a lot of money!! Thanks for your help!!!! Happy Holidays as well and Happy Cyber Monday!!

636-555-3226

Prepping for the GPEN is easy - you just need the books and a good index. GIAC tests aren't hard. The value from the SANS/GIAC program is in using the materials as a foundation upon which to build your real-world skills. I've met a few people who have a GIAC cert but never really learned the material from the class. All you need to do is ask them a question or two that wasn't directly in the materials and you'll know if they have the paper GIAC cert or if they actually took that foundation and built a solid understanding of the material through extra hard work and effort.

Being a good pentester means you need to live in this world. Download and learn how to use every tool mentioned in all of your studies. While learning the tools, create a workflow checklist that you can use with real-world security testing.

There are many good sites with pre-built workflows to help start your own, some high level, some deep. Two to peruse in your free time:

Penetration Testing Framework 0.59

The Penetration Testing Execution Standard

Now go forth and reap the pwnage, young padawan

[Deleted User]

I hope this isn't a dumb question and I bet this has been asked a million times but how do I make a good index? Thanks for the speedy response as well!

The only problem with buying the courseware on ebay is that I don't know if it is the most up to date version of the courseware. The copyright says 2016 so I'm guessing it's the most recent but I see some with different color covers?!

cyberguypr

In before ethical conundrum of buying SANS books off eBay.

Having said that, this is how I index. Some people also do a thousand colored tabs on the books but I don't like that approach.

[Deleted User]

So what exactly is tve problem with buying courseware on ebay? Besides their terms i think it would bring more customers to take their
exams. Thanks for y the index link

cyberguypr

Second page of every book says "User may not sell, rent, lease, trade, or otherwise transfer courseware in any way, shape, or form without the express written consent of the SANS Institute." I highly doubt those eBayers selling have said written consent.

[Deleted User]

Ooohh good to know! Well there are quite a few postings on ebay for courseware for SANS certs!

bigdogz

...anyway. <hijacking thread>
How can I study and pass this exam without the SANS material or am I just asking too much?
Are the 2 resources in post #2 good enough?
I spent my load on one SANS class, the CCSP, and I am running low on funds, otherwise I would pay for the class.

JoJoCal19

bigdogz wrote: »

...anyway. <hijacking thread>
How can I study and pass this exam without the SANS material or am I just asking too much?
Are the 2 resources in post #2 good enough?
I spent my load on one SANS class, the CCSP, and I am running low on funds, otherwise I would pay for the class.

There is a user who used to frequent these boards, dynamik who challenged all of his GIAC certs. Here's a thread linked to about it, as well as what he used for each exam.

https://www.ethicalhacker.net/forums/viewtopic.php?f=90&t=11757#p62170

I've challenged every SANS certification I have, with the exception of one that I got for free for participating in a study. The nice thing about SANS/GIAC is that they're vendor neutral/open-source whenever possible, so a lot of the information is usually already floating around somewhere. I go through the two practices you get with a challenge, and I make note of every tool, technique, etc. that is mentioned anywhere. I combine this list with the day-by-day breakdown of the corresponding course, and then create an outline in Word for each topic. Then I research.

I include help output, man pages, examples, workflows, etc. I usually end up with about 400+ pages for each exam. I also include anything related I come across while doing research and think might be applicable. For example, if I think a NIST document is relevant, I read through that and include it in the printout I bring in with me. The thing about doing all this work is that you learn the materially REALLY well. I often only end up referring to it a few times throughout the exam, and my lowest score so far is 85%.

I wouldn't try to match up other courses because they're just not going to fit well. For example, the OffSec courses (as much as I love [hate] them), just don't map to GPEN and GXPN. I haven't done the Hacker Academy Forensics module. While it will probably help some, I doubt it will prepare you for the exam.

Here are a few recommendations off the top of my head:
GSEC - Network Security Bible
GPEN - I didn't prepare for this one since I do pen testing full time; I think I even gifted my practice exams. I'd probably go with the usual suspects of Hacking Exposed, Gray Hat Hacking, Penetration Tester's Open Source Toolkit, the Metasploit book, etc.
GCFA - File System Forensic Analysis, and 3-4 of the new Syngress Forensic books
GCIH - Real Digital Forensics (probably brought this to GCFA as well), NIST 800-61 - Look at the course page, only one day is incident handling and the rest are hacker techniques. You should be in good shape if you have GPEN under control and have a good handle on the six steps.
GCIA - Multiple Bejtlich books, The TCP/IP Guide, the official Snort manual
GWAPT - WAHH2, Hacking Exposed Web Apps (3rd, I think), tons of OWASP material
GAWN - Haven't done this one, but the resources you listed will fall ridiculously short. The Hacking Exposed Wireless book will probably be the best single resource, but you'll probably have to research a lot of items (RFID, Zigbee, Bluetooth, etc.) to be fully prepared. This is a very broad course.
GXPN - Did the course for this one
GCFW - In addition to the GCIA material (lots of overlap -- a solid grasp on TCP/IP will go far with both of these), just spend time with pfSense, iptables, etc. and take notes for anything new on the practice exams

I haven't done either GCWN or GCUX, but again, just do research. You'll probably be able to cobble together what you need from blogs, Technet, etc. You may not find dedicated books on this subject, but security may make up 25-30% of a general book on Windows or *nix.

bigdogz

Thanks JoJoCal19 !!!

iBrokeIT

Although most of it probably is outside the scope of the test: https://docs.google.com/document/d/18wQPkV7-6etOQlbM6tBpl3Mbsw1aaARCvFgzJEiTlV4/edit#heading=h.pa1i98poowge

bigdogz

Thanks iBrokeIT !!!
I appreciate the assistance.

[Deleted User]

Thanks everyone for your input!! Just wondering but I since I did buy some of the GPEN courseware on ebay, I noticed that there is another posting with for the SEC560 courseware but has a different cover with a white and blue cover where my courseware I bought has red, blue and some tan. Just wondering if anyone can tell me if my courseware is still current as I feel I kinda screwed myself with buying this courseware if it is not the most current version. The seller said it was for 2016 and it does say 2016 in the manuals itself.

In otherwords, is the red,tan and blue cover the most current courseware or is the white and blue covers the most current courseware? I feel that @ this rate of buying new courseware, I should just buy the course from SANS instead of just doing it on the cheap.


Is it recommended to attempt GPEN without the course? Can I still take my courseware into the exam since it is SANS courseware? Is mine still relevant where I don't need to spend another $900 on this courseware or have to spend 6k on the course through SANS? Will I be allowed to take my current owned courseware into the exam?


This forum is the best!! Glad I'm more actively participating more!!

cyberguypr

What copyright year and version are the books? The blue covers are the latest. Having said that, there are always changes between versions. How big are the changes? That I can't answer because I have no idea. If you have early 2016 books I would bet changes are less than if you have late 2014. Who knows.

You can take ANY printed material into the test. That means Harry Potter, a Bible, or A Tale of Two Cities are all fair game

bigdogz

kMastaFlash,

If you are going to buy the books, I would suggest that you just sign up for the course or read the other books as JoJoCal19 posted from dynamik. From your original post it looks as though you already knew about the EULA and buying them from someone who went to the class. I would rant on this post but I don't have the cycles for the tirade, the irony from your CEH, or the fact that the SANS head honchos grab us by the nads and squeeze with a broken smile when they collect hard earned money from us or our corporations and they raise the price for the courses and exams. Our only response from trying to learn more and compete in a global economy is "Thank you sir, may I have another???!!!"
One thing on eBay is buyer beware.

I do not know if you purchased the books and when or if the class was updated. You do get updated material once you have taken the course.

I hope this helps.

[Deleted User]

My version says: Sans560_A13_03. This courseware I see on ebay is v2016_A13_06

From posting on ebay: 1) SANS Courseware 560 Original Books Set of 7 (6 + 1 BootCamp Books) (v2016_A13_06) , (As Shown in Picture)

The copyright in the manuals says 2015/2016 and on the bottom of each page it says this: (copyright symbol) 2016 Ed Skoudis but on the page in the book it says Copyright 2015 so not sure which one it is.


So in otherwords, this courseware version is the most recent version?

http://www.ebay.com/itm/SANS-Security-SEC560-GPEN-Penetration-Tester-2016-with-Flash-Drive-MP3-Bonus-/282273877293?hash=item41b8d58d2d:g:MXcAAOSw5cNYPcw~

gwood113

White and blue cover (like in your link) is current. I just took it this year and that's what mine look like.

636-555-3226

SEC560 / GPEN was substantially redone in 2015. New materials (and test) I believe were released December 2015. If you don't have the blue and white color, I'd say there is a chance you have the older materials that may not help you as well on the exam

[Deleted User]

I know that it is "possible" to pass the GPEN without the courseware but since I don't have the money to buy the courseware on ebay or pay the 6k four the course through sans or do the work study program, besides the books I have in my personal library, what other books can I use to pass the exam? I was going to buy this courseware on ebay but don't have the $900 to spend for it!

gwood113

SANS is an expensive row to hoe. Have you ever thought about pursuing a different vendor's training until you can get an employer to subsidize your cost? Elearnsecurity Junior Penetration Tester is only $499 for courseware and many folks on the general infosec board speak highly of elearns products.

Edit: I reread and saw that you already committed to the GPEN and the old courseware. SANS "revises" their courseware about once a year (depends on course author). The revisions are often largely focused on rearranging where information is in the course (i.e. changing page numbers so old indexes won't work anymore). So the meat of the books should be valid for the most part. I would study the courseware then take a practice test and tailor the rest of your study based on your results.

LonerVamp

For the OSCP, from what I understand, everything you need is in the courseware and exercises, plus whatever you need to research while doing the labs. It helps to have some pre-existing knowledge of Windows and Linux administration, Python/C/Bash scripting, PowerShell basics, etc. But otherwise, I believe you largely re-apply concepts learned during the materials. If you can do the lab machines, you can do the exam.

[Deleted User]

So I thought I would provide a small update. Since I completed my goals for 2016, 2017 is going to be THE YEAR!!!! This year hope to complete all my main certifications I'm going to need for my career hopefully including GPEN, OSCP, OSWP, and a few small ones just for fun! Now I will be doing some here and there like renew my CCNA and do CISSP but I have been spending a lot of money and need to start saving now! With that said, I've started reading my GPEN courseware and making my index. I bought my exam attempt at the end of November so by the end of March , I need to take my exam for GPEN. Is it possible to pass the GPEN within this short amount of time? I'm already on page 64 of the first SANS book out of 5 and making my index as I go along. Any other suggestions for prepping for GPEN would be appreciated!! Thanks Forum!!

IaHawk

I would recommend just reading the material the first time, highlighting keywords/points. Once you have completed all books, go back and index each book.

quogue66

kMastaFlash wrote: »

So I thought I would provide a small update. Since I completed my goals for 2016, 2017 is going to be THE YEAR!!!! This year hope to complete all my main certifications I'm going to need for my career hopefully including GPEN, OSCP, OSWP, and a few small ones just for fun! Now I will be doing some here and there like renew my CCNA and do CISSP but I have been spending a lot of money and need to start saving now! With that said, I've started reading my GPEN courseware and making my index. I bought my exam attempt at the end of November so by the end of March , I need to take my exam for GPEN. Is it possible to pass the GPEN within this short amount of time? I'm already on page 64 of the first SANS book out of 5 and making my index as I go along. Any other suggestions for prepping for GPEN would be appreciated!! Thanks Forum!!

frame is definitely doable. I went through GPEN and passed the test in 5 weeks. The material is well laid out and pretty easy to pick up.
That time

TechGromit

cyberguypr wrote: »

Second page of every book says "User may not sell, rent, lease, trade, or otherwise transfer courseware in any way, shape, or form without the express written consent of the SANS Institute." I highly doubt those eBayers selling have said written consent.

I guess technically the buyer / purchaser of said materials wouldn't be in violation of the agreement. It's only the seller that would suffer the consequences if SANS found out.

kMastaFlash wrote: »

My version says: Sans560_A13_03. This courseware I see on ebay is v2016_A13_06

I really wouldn't worry about it, it's not they completely rewrite the books every year. Yes, there will be some minor differences, but I don't think it would be enough to worry about. So long as your material is less then two years old, I don't think it's going to make too much of a difference.

GirlyGirl

kMastaFlash wrote: »

My version says: Sans560_A13_03. This courseware I see on ebay is v2016_A13_06

From posting on ebay: 1) SANS Courseware 560 Original Books Set of 7 (6 + 1 BootCamp Books) (v2016_A13_06) , (As Shown in Picture)

The copyright in the manuals says 2015/2016 and on the bottom of each page it says this: (copyright symbol) 2016 Ed Skoudis but on the page in the book it says Copyright 2015 so not sure which one it is.


So in otherwords, this courseware version is the most recent version?

SANS Security SEC560 GPEN Penetration Tester 2016 with Flash Drive, MP3 + Bonus | eBay

I don't want to be the bad news bear but the course information you have is OUTDATED. I just pressed play on my first day of OnDemand videos and your version and the one I am looking at on the screen are different. Considering the amount of money I've invested in SANS out of the pocket, I am not nice enough to tell you what version is the updated one.


P.S. The good news is that SANS probably didn't change every single page of every single book. So you still have a chance.

Have a great day,

Girlygirl

gwood113

kMastaFlash wrote: »

I bought my exam attempt at the end of November so by the end of March , I need to take my exam for GPEN. Is it possible to pass the GPEN within this short amount of time?

Definitely.

bigdogz

This is one reason why you buy the materials instead of going on the cheap, breaking the EULA and the code of ethics you agreed to when you have your CEH or CISSP.

[Deleted User]

So after reading the first of my courseware things are going ok!! Starting 560.2 today and throughout the week. I was going to pay for the course from sans but being broke and out of college recently, gotta give me some credit for studying!! Im just nervous for taking the actual exam or my practice tests for that matter any support for making it through this??

[Deleted User]

So I am halfway done with 560.2 book. Just wondering besides the 2 tests you get with your SANS attempt, can anyone point me in the direction towards legit practice exams for the GPEN? I don't want to use my 2 practice exams until I'm fully ready. I'm just curious to see if there are any online that I can use just to gauge my knowledge as of now just to prep myself for my practice exams or something close. Please don't post unethical "practice exams"

iBrokeIT

You don't prep for a GIAC exams by grinding through endless questions. Read the material and do the labs without looking at the answers. You make up for the lack of practice exams by doing the labs and making sure you understand the concepts.

For the practice exams, right before you answer the first question make sure you turn on answers in the upper right hand corner. I would recommend downloading a screenshot tool like ScreenHunter to take a screenshot of the questions and answers for a more thorough review and follow up after you complete each practice test.