Need Advice on taking up the GPEN

nebula105
Hey guys!

I'm currently a security engineer focusing mostly on projects, monitoring, VA and user account management.

In my spare time, I perform some internal testing, like poking around internal web apps, infra and network devices to hunt for misconfigurations and vulnerabilities using Kali and PowerShell.


I'm recently considering taking up the GPEN as a means of improving my pen-testing skills.

In terms of difficulty, is my assumption correct:

eJPT > GPEN > eCPPT > OSCP?


I'm intending to sign up for the eCPPT in a few months' time to supplement the GPEN.

Or will the GPEN supplement the eCPPT instead?


Let me know your thoughts and please, give me your advice! :D

Comments

  • Mike7
    Hi @nebula105, long time no see! :D

    Getting your company to pay for the course or self-sponsored? GPEN is available July 10th to 15th in Singapore. You will have to wait and register for it through COSEINC or BanffCyber to get CITREP+ funding.

    You may want to consider eCPPT first. Perhaps take the eCPPT and eWPT bundle, which is still half the cost of GPEN plus exam, before going for GPEN in July.

    Are you going for CREST as well? :D Maybe take CPSA exam with CITREP subsidy while doing your OSCP. Once you attain OSCP, pay processing fee to get CREST CRT.

    So

    eJPT -> eCPPT -> eWPT -> GPEN -> CPSA -> OSCP -> CRT
  • nebula105
    Hey Mike!

    Long time no see indeed :)

    I'm getting the company to pay for the GPEN.

    I completely forgot about the eCPPT and eWPT bundle package! Thanks so much for the reminder!

    I'm just curious though, on your placement of the GPEN after eCPPT and the eWPT. Would you consider the GPEN tougher? I've read a few mini reviews around and they seem to confirm that:

    1) some background knowledge in IT / IT Security will do
    2) read, read and make sure your indexes are good,
    3) make sure you're familiar with command line switches or just print and bring them to the exam.

    I haven't taken a SANS course or a GIAC exam though, so I'm really curious about it.

    As for CREST, most certainly! The path you suggested is the most sensible and cost effective. It's something I'll get to eventually.
  • Mike7
    nebula105 wrote: »
    I'm just curious though, on your placement of the GPEN after eCPPT and the eWPT. Would you consider the GPEN tougher? I've read a few mini reviews around and they seem to confirm that:

    1) some background knowledge in IT / IT Security will do
    2) read, read and make sure your indexes are good,
    3) make sure you're familiar with command line switches or just print and bring them to the exam.

    Just that GPEN is in July. :D

    Did not take GPEN, so. SANS exams such as GPEN are open book with all questions from the course materials; you should be fine if you understand your material well and have a good index. The syllabus can be found at https://www.sans.org/event/tysons-corner-spring-2017/course/network-penetration-testing-ethical-hacking. eCPPT is a 7-day performance-based pen test with the syllabus at https://www.elearnsecurity.com/course/penetration_testing/.

    Looking at both syllabi, I would think that GPEN provides a more gentle introduction since this is conducted in a classroom environment, and the exam is easier as it is MCQ. eCPPT exam being performance-based will be more challenging, though you have weeks and months to go through the study material. You may want to do eCPPT later as per this review comparing eCPPT and OSCP, with some follow-up comments about GPEN.
  • nebula105
    Mike7 wrote: »
    Just that GPEN is in July. :D

    Did not take GPEN, so. SANS exams such as GPEN are open book with all questions from the course materials; you should be fine if you understand your material well and have a good index. The syllabus can be found at https://www.sans.org/event/tysons-corner-spring-2017/course/network-penetration-testing-ethical-hacking. eCPPT is a 7-day performance-based pen test with the syllabus at https://www.elearnsecurity.com/course/penetration_testing/.

    Looking at both syllabi, I would think that GPEN provides a more gentle introduction since this is conducted in a classroom environment, and the exam is easier as it is MCQ. eCPPT exam being performance-based will be more challenging, though you have weeks and months to go through the study material. You may want to do eCPPT later as per this review comparing eCPPT and OSCP, with some follow-up comments about GPEN.

    You're absolutely right though.

    My actual intention was to work through some parts of the eCPPT before diving into the GPEN.

    But life has its ways with my bank account and coughing up a thousand USD wouldn't be very good at the moment.

    Guess I'll just research on tools utilized in the eCPPT and GPEN, then try them out on my remaining lab time from the eJPT.

    Thanks Mike :D