Passed GPEN

airzeroairzero Posts: 126Member
Welp finally took the exam today and passed with an 82. Woohoo! It is definitely not an easy exam and while I didn't score the highest, I'm glad I studied as much as I did and brought in my notes and such. I have to say that even though this is a written exam, it does stand it's own against eCPPT and OSCP. I've attempted all three exams (work got in the way of the eCPPT try) and while OSCP is definitely the most challenging, they all really test you on your knowledge. I feel like people have made the comparison before, but I felt OSCP made me a better hacker but GPEN made me a better penetration tester. All have different approaches and styles of teaching but really drive home the concepts (unlike the good ole CEH).

For those that are interested here's my quick take on all the exams.

GPEN - Really teaches you the methodology and approaches to various situations while also covering the entirety of conducting a penetration test. Doesn't go very deep on web applications or actual exploitation (Focused on metasploit) but does a good job of covering reconnaissance and post exploitation. FOCUS: Methodology, Preparation and Reporting

OSCP - Much more into the exploitation of systems, as well as basic exploit development. I definitely learned more spending time in the labs then from any other resources out there. Exam is mainly difficult because of the time crunch. FOCUS: Hands on exploitation and sufferance

eCPPT - great combination of material, seems like an slightly less OSCP sprinkled with GPEN stuff. Labs are different then OSCP, you can run through them or have a walkthrough guide show you how to do them, I prefer this method but you may not learn as much as trying harder for the OSCP. I felt they could of done a better job with the buffer overflow lab. Exam is much more relaxed then OSCP since you have 7 days in the environment and 7 for the report. FOCUS: pivoting through network and REPORTING (huge in the exam)

eJPT - This should be the replacement for CEH. The course is a great introduction and gets you doing hands on exercises. The exam is great since your not thrown into a full out pen test like it's big brother eCPPT or OSCP, but instead your put in an environment where you have to hack into the machines to find information and flags in order to answer questions. I love this format and definitely HIGHLY RECOMMEND this course/exam for anyone even slightly interested in security (offense or defense). FOCUS: methodology and basic exploitation and reconnaissance

CEH - Felt like Security+ about pen testing tools. Not a very difficult exam, but felt boring because it's 125 questions. I wouldn't recommend getting this unless it's for a specific job requirement. FOCUS: Attack types and tools

My recommendation for beginner to a wannabe pen tester (me) cert path if you have no limit on funds:
Security+ -> CEH -> eJPT -> GPEN -> eCPPT -> OSCP

This is just my opinion but it's more or less the path I'll be taking since I haven't passed OSCP or eCPPT yet. Once I get back from this deployment I'll be back at it and hopefully knock them out sooner rather then later. Considering going for eLearnSecurity's new PTX afterwards. I would love to learn red team/threat emulation tactics as opposed to more exploit development stuff with OSCE/GXPN.

Comments

  • averageguy72averageguy72 Senior Member Posts: 283Member ■■■□□□□□□□
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • JoJoCal19JoJoCal19 California Kid Posts: 2,772Mod Mod
    Congrats on the pass!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • kMastaFlashkMastaFlash Posts: 1,012Member ■■■■□□□□□□
    Congrats bro! What's next for 2018?
    2018: CCSK
    2019: CWSP,Cloud+,Project+,CASP,PenTest+,CWNA,CCNA Security,GXPN,GREM
    2021: LPIC-2,JNCIS-ENT,eLearnSecurity Courses
  • Info_Sec_WannabeInfo_Sec_Wannabe Senior Member Posts: 370Member ■■■□□□□□□□
    Congratulations! icon_thumright.gif Thanks for the review and info!
    Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
  • Bjones1976Bjones1976 Posts: 20Member ■□□□□□□□□□
    icon_cheers.gificon_cheers.gif
  • ARGHturARGHtur Posts: 8Member ■□□□□□□□□□
    Congrats... and thanks for the comparison... guess I'm doing OSCP next icon_smile.gif
Sign In or Register to comment.