GPEN - Passed!!!

supasecuritybro

Just got home from taking the exam and it was pretty intense. It was my first go at a SANS exam and the whole experience really prepares you to learn the material. I can see how just getting the books and making an index can get you there but you really would be working hard against a clock to find the needed material. I was able to learn where certain topics were discussed after reviewing each book like five times getting the index right. I am glad I passed. On to the next one.

636-555-3226

Congrats. I use stuff I learned in 560 more than any other SANS course I've taken. What's next?

supasecuritybro

636-555-3226 wrote: »

Congrats. I use stuff I learned in 560 more than any other SANS course I've taken. What's next?

Thanks! I was already working on the eCPPT before I got selected for the 560 WorkStudy. I am going back to that since my job paid for it.

JoJoCal19

Congrats on the pass!! Do you think doing the labs in the material prepped you the best for the exam, or more memorizing what you read in the course material?

supasecuritybro

JoJoCal19 wrote: »

Congrats on the pass!! Do you think doing the labs in the material prepped you the best for the exam, or more memorizing what you read in the course material?

Both, you need to know what a command output looks like. Without that, knowing definitions and stuff like that will not help. There was a lot of questions where it wasn't exactly in the book but the idea was there, you had to know how to use the specific tool or method.

Robicus

Congratulations! I found the GPEN to be one of the harder ones I've taken. Great job again!

InCryptable

supasecuritybro wrote: »

On to the next one.

What are you taking next for a test? SANS courses?

Hornswoggler

Congrats!!!

edit: curious your thoughts on overlap between the GPEN/SEC560 and eCPPT?

clarkincnet

Congrats!

supasecuritybro

InCryptable wrote: »

What are you taking next for a test? SANS courses?

SANS courses are a bit steep. I think I can self-study for the GMON since looking at the requirements, I do a lot of that kind of work already and I have been messing with Security Onion a little. I signed up for another work study and hope I get selected. I am going to continue working on the eCPPT since I had to place it on hold since I was selected for GPEN workstudy.

supasecuritybro

Hornswoggler wrote: »

Congrats!!!

edit: curious your thoughts on overlap between the GPEN/SEC560 and eCPPT?

The GPEN is an excellent course and better taken in class so you can have the interactive lab work with it. I loved the class and Ed Skoudis is the truth when it comes to this stuff. The guy is so good. eCPPT really goes into the depth of PenTesting. You are doing some serious material with each section. The topics do overlap a little but eCPPT goes more in depth. As far as building from one part to the next, that’s the same. I signed up for the eCPPT before starting the GPEN so I placed it on hold to get the GPEN done.

InCryptable

supasecuritybro wrote: »

The GPEN is an excellent course and better taken in class so you can have the interactive lab work with it. I loved the class and Ed Skoudis is the truth when it comes to this stuff. The guy is so good. eCPPT really goes into the depth of PenTesting. You are doing some serious material with each section. The topics do overlap a little but eCPPT goes more in depth. As far as building from one part to the next, that’s the same. I signed up for the eCPPT before starting the GPEN so I placed it on hold to get the GPEN done.

...just curious (as I have not been following along, in case you already gave this info),
But how did you do the GPEN training? Was it via onDemand video training?

I'm getting ready to start the onDemand GPEN training - and wondering if maybe I should choose something else.
I just got done with GCIH and passing that seemed difficult...especially not using the tools much beyond the labs.

My understanding with GPEN...is that it is much more lab based and you are using the tools very extensively???

Hornswoggler

GPEN and GCIH here, throwing in my $0.02...

InCryptable wrote: »

...just curious (as I have not been following along, in case you already gave this info),
But how did you do the GPEN training? Was it via onDemand video training?

I took mine via Simulcast during Pentest Austin this past March. The classes were live and I did it from home 9a-5:30pm central time Monday through Saturday. There are some small pros/cons to Simulcast vs the other formats, but I felt it was every bit as good from a learning experience vs being there in person. The class was broadcast via GoToMeeting with access to the recorded video posted a day later for review. I was able to VPN into the three nights of NetWars and participate live along with the event (Coin-a-palooza so I earned my 504 and 560 challenge coins!!!).

Day 6 CTF I was paired up with 5-6 other Simulcast students but only 3 of us were actively working on it. We achieved the challenge and came in 3rd. Sometimes I work from home so the virtual team format felt normal and productive. Probably could have gained some time in person via direct delegation.

Pros vs live event:
No lugging around laptops and books.. all right there on my desk in the morning!
No need to get dressed, shower, or even brush teeth!

Cons vs live event:
On your own for snacks.

Passed my GPEN exam ~7 weeks after taking the course with a 94%. The materials are excellent and no disadvantage over the Simulcast format.

For reference I took 504 (GCIH) via SANSFire 2016 in DC. I miss the FOOD that was nearby the event hotel!!!

InCryptable wrote: »

I'm getting ready to start the onDemand GPEN training - and wondering if maybe I should choose something else.
I just got done with GCIH and passing that seemed difficult...especially not using the tools much beyond the labs.

My understanding with GPEN...is that it is much more lab based and you are using the tools very extensively???

Having done the GCIH first was a huge help in getting up to speed. These classes can be like drinking from a firehose over 5-6 days and it's better to keep up than get lost. GPEN will give you another chance (with more labs!!) to learn the tools, dive deeper, and discover ways to apply them in a testing scenario. Plenty of hands-on hacking but the real value to me is understanding Ed's approach to the business side of pentesting, the methodology, the discipline, thinking like a hacker, and applying the findings to maximize business value. From what I understand, it isn't the exploit hack-a-thon and priv escalation of PWK but will give you a structured approach to the different phases. More about getting credentials, then what you do with them (pstools, powershell, bash, remote shells, relays, etc). After the class I was able to apply it at work immediately. 560/GPEN is great but not the end of my journey for technical skills. Ed will tell you it's the business side (scope docs, reports, consulting, professionalism, etc) that make the big money.

There are more labs in 560 than 504, yes. Both are great experiences!!!

jjones2016

Congratulations! GPEN is definitely an eye opener. Great source of reference materials!!!

InCryptable

Hornswoggler wrote: »

GPEN and GCIH here, throwing in my $0.02...



I took mine via Simulcast during Pentest Austin this past March. The classes were live and I did it from home 9a-5:30pm central time Monday through Saturday. There are some small pros/cons to Simulcast vs the other formats, but I felt it was every bit as good from a learning experience vs being there in person. The class was broadcast via GoToMeeting with access to the recorded video posted a day later for review. I was able to VPN into the three nights of NetWars and participate live along with the event (Coin-a-palooza so I earned my 504 and 560 challenge coins!!!).

Day 6 CTF I was paired up with 5-6 other Simulcast students but only 3 of us were actively working on it. We achieved the challenge and came in 3rd. Sometimes I work from home so the virtual team format felt normal and productive. Probably could have gained some time in person via direct delegation.

Pros vs live event:
No lugging around laptops and books.. all right there on my desk in the morning!
No need to get dressed, shower, or even brush teeth!

Cons vs live event:
On your own for snacks.

Passed my GPEN exam ~7 weeks after taking the course with a 94%. The materials are excellent and no disadvantage over the Simulcast format.

For reference I took 504 (GCIH) via SANSFire 2016 in DC. I miss the FOOD that was nearby the event hotel!!!



Having done the GCIH first was a huge help in getting up to speed. These classes can be like drinking from a firehose over 5-6 days and it's better to keep up than get lost. GPEN will give you another chance (with more labs!!) to learn the tools, dive deeper, and discover ways to apply them in a testing scenario. Plenty of hands-on hacking but the real value to me is understanding Ed's approach to the business side of pentesting, the methodology, the discipline, thinking like a hacker, and applying the findings to maximize business value. From what I understand, it isn't the exploit hack-a-thon and priv escalation of PWK but will give you a structured approach to the different phases. More about getting credentials, then what you do with them (pstools, powershell, bash, remote shells, relays, etc). After the class I was able to apply it at work immediately. 560/GPEN is great but not the end of my journey for technical skills. Ed will tell you it's the business side (scope docs, reports, consulting, professionalism, etc) that make the big money.

There are more labs in 560 than 504, yes. Both are great experiences!!!

Thanks for taking the time to superbly write-up and summarize your experience. I really appreciate it.

Based upon everything I've read here on this post and these forums, I'll be choosing the GPEN for my next course! It'll be my 3rd SANS certification class in the past 3-4 months! I've made various contacts here on this website over the past couple of months and have received amazing support, notes, and guidance. Thanks again!

P.S. The snacks at the first two courses were eh...but yea, I guess I'm on my own for my own snacks this go-around. ...and I recommend brushing at least twice a day!

_nessie_

supasecuritybro wrote: »

Thanks! I was already working on the eCPPT before I got selected for the 560 WorkStudy. I am going back to that since my job paid for it.

Congrats
I passed mine this morning and was in the same situation. Also got selected for a work-study last month .. I used the eCCPT labs to prep a bit more for the GPEN .. wasn't really necessary but still fun

supasecuritybro

_nessie_ wrote: »

Congrats
I passed mine this morning and was in the same situation. Also got selected for a work-study last month .. I used the eCCPT labs to prep a bit more for the GPEN .. wasn't really necessary but still fun

CONGRATS!!

How did you like the eNDP?

quogue66

Congrats! GPEN was definitely one of the harder ones but it was also one of the funnest classes.

_nessie_

supasecuritybro wrote: »

CONGRATS!!

How did you like the eNDP?

Thanks.

Well, I now realize I didn't write a write-up on here like I did for some other certs. Shame on me.
I actually got into the eNDP for a particular reason ... I felt like I was 'missing' stuff for the PTP and thought it wasn't a bad thing looking at the other side first ..
It was quite a diversion, but still interesting .. from a defensive point of view, as said: other side.
I think it provides a nice overview on defensive measures and the reasons why you would/should implement them.
I also liked the exam where you have to crack up the defensive measurements and write a report on that.
I definately should write something up more in detail, but I'm not going to hijack your thread