Passed GPEN
Welp finally took the exam today and passed with an 82. Woohoo! It is definitely not an easy exam and while I didn't score the highest, I'm glad I studied as much as I did and brought in my notes and such. I have to say that even though this is a written exam, it does stand it's own against eCPPT and OSCP. I've attempted all three exams (work got in the way of the eCPPT try) and while OSCP is definitely the most challenging, they all really test you on your knowledge. I feel like people have made the comparison before, but I felt OSCP made me a better hacker but GPEN made me a better penetration tester. All have different approaches and styles of teaching but really drive home the concepts (unlike the good ole CEH).
For those that are interested here's my quick take on all the exams.
GPEN - Really teaches you the methodology and approaches to various situations while also covering the entirety of conducting a penetration test. Doesn't go very deep on web applications or actual exploitation (Focused on metasploit) but does a good job of covering reconnaissance and post exploitation. FOCUS: Methodology, Preparation and Reporting
OSCP - Much more into the exploitation of systems, as well as basic exploit development. I definitely learned more spending time in the labs then from any other resources out there. Exam is mainly difficult because of the time crunch. FOCUS: Hands on exploitation and sufferance
eCPPT - great combination of material, seems like an slightly less OSCP sprinkled with GPEN stuff. Labs are different then OSCP, you can run through them or have a walkthrough guide show you how to do them, I prefer this method but you may not learn as much as trying harder for the OSCP. I felt they could of done a better job with the buffer overflow lab. Exam is much more relaxed then OSCP since you have 7 days in the environment and 7 for the report. FOCUS: pivoting through network and REPORTING (huge in the exam)
eJPT - This should be the replacement for CEH. The course is a great introduction and gets you doing hands on exercises. The exam is great since your not thrown into a full out pen test like it's big brother eCPPT or OSCP, but instead your put in an environment where you have to hack into the machines to find information and flags in order to answer questions. I love this format and definitely HIGHLY RECOMMEND this course/exam for anyone even slightly interested in security (offense or defense). FOCUS: methodology and basic exploitation and reconnaissance
CEH - Felt like Security+ about pen testing tools. Not a very difficult exam, but felt boring because it's 125 questions. I wouldn't recommend getting this unless it's for a specific job requirement. FOCUS: Attack types and tools
My recommendation for beginner to a wannabe pen tester (me) cert path if you have no limit on funds:
Security+ -> CEH -> eJPT -> GPEN -> eCPPT -> OSCP
This is just my opinion but it's more or less the path I'll be taking since I haven't passed OSCP or eCPPT yet. Once I get back from this deployment I'll be back at it and hopefully knock them out sooner rather then later. Considering going for eLearnSecurity's new PTX afterwards. I would love to learn red team/threat emulation tactics as opposed to more exploit development stuff with OSCE/GXPN.
For those that are interested here's my quick take on all the exams.
GPEN - Really teaches you the methodology and approaches to various situations while also covering the entirety of conducting a penetration test. Doesn't go very deep on web applications or actual exploitation (Focused on metasploit) but does a good job of covering reconnaissance and post exploitation. FOCUS: Methodology, Preparation and Reporting
OSCP - Much more into the exploitation of systems, as well as basic exploit development. I definitely learned more spending time in the labs then from any other resources out there. Exam is mainly difficult because of the time crunch. FOCUS: Hands on exploitation and sufferance
eCPPT - great combination of material, seems like an slightly less OSCP sprinkled with GPEN stuff. Labs are different then OSCP, you can run through them or have a walkthrough guide show you how to do them, I prefer this method but you may not learn as much as trying harder for the OSCP. I felt they could of done a better job with the buffer overflow lab. Exam is much more relaxed then OSCP since you have 7 days in the environment and 7 for the report. FOCUS: pivoting through network and REPORTING (huge in the exam)
eJPT - This should be the replacement for CEH. The course is a great introduction and gets you doing hands on exercises. The exam is great since your not thrown into a full out pen test like it's big brother eCPPT or OSCP, but instead your put in an environment where you have to hack into the machines to find information and flags in order to answer questions. I love this format and definitely HIGHLY RECOMMEND this course/exam for anyone even slightly interested in security (offense or defense). FOCUS: methodology and basic exploitation and reconnaissance
CEH - Felt like Security+ about pen testing tools. Not a very difficult exam, but felt boring because it's 125 questions. I wouldn't recommend getting this unless it's for a specific job requirement. FOCUS: Attack types and tools
My recommendation for beginner to a wannabe pen tester (me) cert path if you have no limit on funds:
Security+ -> CEH -> eJPT -> GPEN -> eCPPT -> OSCP
This is just my opinion but it's more or less the path I'll be taking since I haven't passed OSCP or eCPPT yet. Once I get back from this deployment I'll be back at it and hopefully knock them out sooner rather then later. Considering going for eLearnSecurity's new PTX afterwards. I would love to learn red team/threat emulation tactics as opposed to more exploit development stuff with OSCE/GXPN.
Comments
-
averageguy72 Member Posts: 323 ■■■■□□□□□□Congrats!CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
-
JoJoCal19 Mod Posts: 2,835 ModCongrats on the pass!Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Info_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□Congratulations! Thanks for the review and info!X year plan: (20XX) OSCP [ ], CCSP [ ]
-
ARGHtur Member Posts: 8 ■□□□□□□□□□Congrats... and thanks for the comparison... guess I'm doing OSCP next