GPEN after OSCP?

McxRisley

So I have just finished the OSCP course and scored more than enough points to pass on my exam(just waiting on the official confirmation email) and I am currently trying to decide what my next course will be. I was thinking that GPEN was a good option but I was hoping for some additionaly insight from those who have either done the GPEN or both.

Basically is there any material in the GPEN that would be of use to me? any key topics that it covers that are beneficial? or should I just go for the GXPN?

TechGromit

Someone claimed that if you can pass the OSCP, that the GPEN was passable without taking the course. The only sure fire way to verify that is to buy a practice exam, if you can do well on the practice exam, then you should be able to pass the real exam.

McxRisley

I don't wana just take the exam, if nothing in this course has any value or is worth learning after doing the OSCP then i will spend my money on a better course

Ertaz

McxRisley wrote: »

I don't wana just take the exam, if nothing in this course has any value or is worth learning after doing the OSCP then i will spend my money on a better course

I took the GPEN course. One of my classmates was a veteran pentester from trustedsec. He left after day 2, felt his time was wasted...

Danielm7

From what I've been told it doesn't sound like you're get a good ROI from doing the GPEN if you already have the OSCP.

xXxKrisxXx

Hey, congrats on earning your OSCP. I tried challenging GPEN after earning my OSCP and I ended up failing it. I went in somewhat cocky and didn't have course books or study material. Eventually I ended up taking SEC560 a few years later after earning the OSCP and earned the GPEN after taking the course. I found the material fantastic, but if you already have the OSCP, I'd move onto a more advanced pentesting course (GXPN, OSCE, etc).

BlackBeret

I purchase the PWB course a long time ago, upgraded the material to PWK, went through it, then challenged the GPEN and scored a 92. I had a coworker who had taken it recently and wrote down all of the tools covered in his books for me. I printed the man pages and brought them with me, he was right, 60% of that test seemed like it was about which tool and switch to use at a certain time. I later jumped back in the labs and got OSCP after some serious work.

I honestly don't think you'd learn much from the GPEN course. The majority of the value in SANS comes from the instructors who go in to more details, stories, advice, and can gear things towards what you need, but the course material itself is below PWK/OSCP in my opinion. Also, offsec should be releasing their Web course online soon and GWAPT is weak, I'd avoid that as well if I were you.

GXPN is a different beast. Worth the time.

[email protected]

BlackBeret wrote: »

I purchase the PWB course a long time ago, upgraded the material to PWK, went through it, then challenged the GPEN and scored a 92.

Forgive my ignorance, is a 92 a passing score for a GIAC exam? I have never taken a course of theirs and don't know the scoring system.

MrAgent

I think it varies on exam, but I think its 72 for most exams.

McxRisley

Thanks for all of the input guys! after reviewing the curriculum and all of your input I have decided to just purchase a membership to pentester academy and work on a few of the courses there, mainly the python,javascript and assembly courses. After that I think I will move on to GXPN or something of a similar level.

UnixGuy

Have a look at eLearnSecurity too. While not as popular or known by HR/hiring managers as SANS, their handson training and labs are well worth the money

TacoRocket

They are fantastic! Took the PTS (eJPT) and have signed up for their PTP (eCPPT). Look forward to finishing it when I have free time!

UnixGuy wrote: »

Have a look at eLearnSecurity too. While not as popular or known by HR/hiring managers as SANS, their handson training and labs are well worth the money

UnixGuy

Agreed! For the price and the way the courses are structured, eLearnSecurity are easily my favourite training!

McxRisley

I had looked into ELS before and I chose to do OSCP instead and here's why. ELS is VERY metasploit heavy and doesnt really give you the experience of hand jamming your way through boxes. Also after earning the OSCP none of thier courses really have any value to me since all of the topics covered by them I already know.