Passed GPEN Yesterday!
globalenjoi
Member Posts: 104 ■■■□□□□□□□
in GIAC
Took the 560 course in Bethesda last month, and rushed to take the exam before the end of the year. Passed with a 94%, which felt pretty good. Definitely think the practice exams were quite a bit easier than the real exam, but I also think I got bombarded by password attacks and powershell stuff on the real test, stuff I was less prepared for. Overall, there's quite a bit of overlap between GCIH and GPEN, but the tools are less broad and a bit deeper. But getting the GPEN done means I managed to knock out 3 SANS certs in 12 months, so not a bad result.
Now I've gotta figure out what to hit in 2018. I'll be doing the 542 course in April, so between now and then I'm thinking of focusing solely on the eLearnSecurity course that I've barely touched. I'd like to aim for the OSCP track towards the end of the year, but I also have to pick an elective (GMOB, GPYC, GAWN, GXPN) to attend next fall. Open to any suggestions/feedback!
Comments
-
TechGromit
Member Posts: 2,156 ■■■■■■■■■□
Congratulations. Seriously someone stop this guy, he's making the rest of us look bad.
Still searching for the corner in a round room.
-
nisti2
Member Posts: 503 ■■■■□□□□□□
Wow, that's a great goal! Congratulations!
2020 Year goals:
Already passed: Oracle Cloud, AZ-900
Taking AZ-104 in December.
"Certs... is all about IT certs!"
-
JoJoCal19
Mod Posts: 2,835 Mod
Congrats on the pass!
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
averageguy72
Member Posts: 323 ■■■■□□□□□□
Congrats!
CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
-
Info_Sec_Wannabe
Member Posts: 428 ■■■■□□□□□□
3 SANS certs within 12 months!??! A big congratulations to you!
X year plan: (20XX) OSCP [ ], CCSP [ ]
-
Randy_Randerson
Member Posts: 115 ■■■□□□□□□□
globalenjoi wrote: »
Took the 560 course in Bethesda last month, and rushed to take the exam before the end of the year. Passed with a 94%, which felt pretty good. Definitely think the practice exams were quite a bit easier than the real exam, but I also think I got bombarded by password attacks and powershell stuff on the real test, stuff I was less prepared for. Overall, there's quite a bit of overlap between GCIH and GPEN, but the tools are less broad and a bit deeper. But getting the GPEN done means I managed to knock out 3 SANS certs in 12 months, so not a bad result.
Now I've gotta figure out what to hit in 2018. I'll be doing the 542 course in April, so between now and then I'm thinking of focusing solely on the eLearnSecurity course that I've barely touched. I'd like to aim for the OSCP track towards the end of the year, but I also have to pick an elective (GMOB, GPYC, GAWN, GXPN) to attend next fall. Open to any suggestions/feedback!

Congrats on the pass! If you are looking at those electives, let me give you some insight as I have a few of those certs:
GMOB - Only take this if you really plan on hitting Android phones hard and doing pen testing against apps. It is a super fun course though!
GAWN - Probably my favorite security class. Day 1 and 2 are packet heavy but then after that you are breaking stuff every day and all day. Very relevant to today's environments: both home and business
GXPN - If you thought GPEN was easy, this course will humble you. Lots of network manipulation and smashing the Stack in both Windows and Linux. Fun course, but it made my eyes heavy
GPYC - Haven't taken the cert, but a fun class if you're a python nerd like me. For the most part, it is just a structured programming course though imo.
-
globalenjoi
Member Posts: 104 ■■■□□□□□□□
Thanks all! Felt pretty good, but then I got confirmation that I kind of screwed myself... Took the test early, which ended the graduate "class" early, which resulted in an amendment in my GI Bill claim. It means I save some time on my GI Bill, but also shorted myself out of around ~$3,000 housing allowance I think. Not the end of the world, but worth keeping in mind for the future, as I've been using the housing chunks to pay for additional training where I can!

Randy_Randerson wrote: »
Congrats on the pass! If you are looking at those electives, let me give you some insight as I have a few of those certs:
GMOB - Only take this if you really plan on hitting Android phones hard and doing pen testing against apps. It is a super fun course though!
GAWN - Probably my favorite security class. Day 1 and 2 are packet heavy but then after that you are breaking stuff every day and all day. Very relevant to today's environments: both home and business
GXPN - If you thought GPEN was easy, this course will humble you. Lots of network manipulation and smashing the Stack in both Windows and Linux. Fun course, but it made my eyes heavy
GPYC - Haven't taken the cert, but a fun class if you're a python nerd like me. For the most part, it is just a structured programming course though imo.

I appreciate the info! None of them really fit my current role, so it's a tough pick. I felt pretty comfortable with most of the GPEN content, but I've heard there's a decent gap between it and GXPN. I've got the pentest course from eLearnSecurity to work on for the moment, but I'm wondering if I'll be prepared enough by this fall for the GXPN course. I had planned to start the PWK course and prep for the OSCP towards the end of the year as well, but again, I'm not sure when I should start that with regards to my current knowledge/skill level.
-
GirlyGirl
Member Posts: 219
globalenjoi wrote: »
Thanks all! Felt pretty good, but then I got confirmation that I kind of screwed myself... Took the test early, which ended the graduate "class" early, which resulted in an amendment in my GI Bill claim. It means I save some time on my GI Bill, but also shorted myself out of around ~$3,000 housing allowance I think. Not the end of the world, but worth keeping in mind for the future, as I've been using the housing chunks to pay for additional training where I can!

This has been talked about on the forums in the past.
Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??
-
JoJoCal19
Mod Posts: 2,835 Mod
GirlyGirl wrote: »
This has been talked about on the forums in the past.
Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

From what I remember, you can if you take them as part of either the Grad Certificate or the Master's degree.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
globalenjoi
Member Posts: 104 ■■■□□□□□□□
GirlyGirl wrote: »
This has been talked about on the forums in the past.
Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

Yeah, I opted to do one of the Graduate Certificates through SANS Technology Institute, as it has lower entry requirements for someone new to the field like me. Started with the Core Engineering cert, but switched after the GCIH over to the Pen Testing cert. As far as I know, it's the only way to use the GI Bill to pay for a cert training like that.
-
Randy_Randerson
Member Posts: 115 ■■■□□□□□□□
GirlyGirl wrote: »
This has been talked about on the forums in the past.
Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

Yes, you do their graduate program through SANS Technical Institute (STI). Regionally/Nationally accredited.
-
Randy_Randerson
Member Posts: 115 ■■■□□□□□□□
globalenjoi wrote: »
I appreciate the info! None of them really fit my current role, so it's a tough pick. I felt pretty comfortable with most of the GPEN content, but I've heard there's a decent gap between it and GXPN. I've got the pentest course from eLearnSecurity to work on for the moment, but I'm wondering if I'll be prepared enough by this fall for the GXPN course. I had planned to start the PWK course and prep for the OSCP towards the end of the year as well, but again, I'm not sure when I should start that with regards to my current knowledge/skill level.

I think you'll be fine with GXPN by then. Just keep your head in the game and by the time you get into it, you'll kick its rear. The big thing I can tell you is there is very little, basically none, on any phase OTHER than exploitation and post-exploitation. If you want to learn how to do it all yourself instead of Metasploit: it will definitely be for you
-
tito9955
Registered Users Posts: 1 ■□□□□□□□□□
Hi globalenjoi,
Could you please share with us your study plan? I have an exam in March. Thank you.
-
globalenjoi
Member Posts: 104 ■■■□□□□□□□
Randy_Randerson wrote: »
I think you'll be fine with GXPN by then. Just keep your head in the game and by the time you get into it, you'll kick its rear. The big thing I can tell you is there is very little, basically none, on any phase OTHER than exploitation and post-exploitation. If you want to learn how to do it all yourself instead of Metasploit: it will definitely be for you

I actually thought about making a separate post about this very subject: exploitation without Metasploit. I know the OSCP limits the use of the tool, but everything I've studied on so far has relied pretty heavily on the use of Metasploit. I definitely don't have a good understanding of crafting exploits, and I don't really know where to begin. This makes me think I may lean more towards the GXPN if it'll give me the edge on the OSCP.

tito9955 wrote: »
Hi globalenjoi,
Could you please share with us your study plan? I have an exam in March. Thank you.

To be honest, I wouldn't say I studied a bunch. The key for me was building the index. My book index was about 6-7 pages, pretty mild, but it was the re-reading through the content that helped a lot of stuff stick in my head. Then, I went and made separate little **** sheets for different tools. I made a Powershell sheet, a Windows CLI sheet, I made my own Netcat and Nmap **** sheets as well. Just typing them up helped me remember a ton, and then helped on the test as well.
Also, I had already been prepping for a web app security position prior to the exam, so I was more than comfortable with the entire web app section. The time I spent working with OWASP BWA and Juice Shop was very beneficial to everything web app.
-
Randy_Randerson
Member Posts: 115 ■■■□□□□□□□
globalenjoi wrote: »
I actually thought about making a separate post about this very subject: exploitation without Metasploit. I know the OSCP limits the use of the tool, but everything I've studied on so far has relied pretty heavily on the use of Metasploit. I definitely don't have a good understanding of crafting exploits, and I don't really know where to begin. This makes me think I may lean more towards the GXPN if it'll give me the edge on the OSCP.

Thankfully the code is pretty generic you'll learn as their SEC760 course is the bread and butter to actually crafting your own based on old exploits they teach you in the class. But 660 you'll get meat and potatoes on how to do the basic type stuff and get it to run properly on Linux and Windows respectively. You'll dive deep in ASLR and DEP as well. Things that will certainly help not only with OSCP but OSCE as well. Honestly, just keep at it this year and you'll be fine by your timeline. Also, get to know and love Ettercap and Bettercap.
-
fabostrong
Member Posts: 215 ■■■□□□□□□□
As far as the GI Bill paying for this, don't you have to have a bachelor's degree, even if it's just the certificate program you're signing up for and not the masters? If that's the case, I'll pay for WGU out of pocket and use the rest of my GI bill to get SANS certs since WGU is significantly cheaper and I'm planning on only having to do one term.
-
globalenjoi
Member Posts: 104 ■■■□□□□□□□
fabostrong wrote: »
As far as the GI Bill paying for this, don't you have to have a bachelor's degree, even if it's just the certificate program you're signing up for and not the masters? If that's the case, I'll pay for WGU out of pocket and use the rest of my GI bill to get SANS certs since WGU is significantly cheaper and I'm planning on only having to do one term.

Yeah, this was my thought process as well. I had been looking at grad programs, and while WGU seemed fine, I realized I would get more for the money by using the GI Bill on the SANS graduate cert. I'm new to security, but I'm fairly sure that 4 SANS courses/certs is more valuable than a WGU grad degree, at least right now in my career.
-
fabostrong
Member Posts: 215 ■■■□□□□□□□
globalenjoi wrote: »
Yeah, this was my thought process as well. I had been looking at grad programs, and while WGU seemed fine, I realized I would get more for the money by using the GI Bill on the SANS graduate cert. I'm new to security, but I'm fairly sure that 4 SANS courses/certs is more valuable than a WGU grad degree, at least right now in my career.

I agree, but from what it says on the SANS site, I'm pretty sure you have to have a bachelor's degree already. That's what I'm trying to find out for sure.