GXPN Passed.
blackedout
Member Posts: 16
in GIAC
Background: CEH, GCIH, GCIA, GPEN. Currently doing engineering/blue team work; never had a red team job. My company gets access to SANS and I can take whatever I want, so I take pentest classes.
Took SEC660; I really thought this class was phenomenal. I'm not a pentester, and sitting in the class surrounded by red team guys from various three-letter agencies was really cool for me. I nerded out and tried to chat up as many people as I could.
Day 1 was all about network attacks: ettercap MITM and evading NAC environments, plus some neat labs where you escape from restricted kiosk-type environments, etc. Somewhat of a refresh from GPEN. Easy day, felt good.
Day 2 was all about crypto implementations, really getting into the weeds of stream and block ciphers, breaking them down into pieces and identifying "good" vs "poor" implementations of crypto. The back half of the day was some PowerShell. Still feeling good on day 2.
Day 3: Python, Scapy and fuzzing. The Python section was short but to the point, explaining useful modules and whatnot, no big deal. Scapy expanded on what I already knew from GCIA and GPEN. Fuzzing was fun; we used Sulley, TAOF and whatnot. Again, all good up to this point.
Day 4. Punch me in the face at 8am. Stack and memory allocation and management in Linux. This was where the class became very difficult for me. Stack overflows, memory leaks, ROP, stack protections, ASLR: all 100% new information to me. Books 4 and 5 were probably 80% of the studying I did for this exam. You need to do the labs during class, and then do them again at bootcamp, and then again at home, and then again while studying. I cannot stress this enough: you cannot robot your way through these. An index will not help you when you are given screenshots in Immunity and then asked which area you need to modify to get an exploit working. Rough day, but tons of good info.
Day 5. Same as day 4 but using Windows instead: ASLR, DEP, structured exception handling. Again, 100% new information for me. More than half the book is labbing, which really reinforces the ideas you are supposed to learn. At the very end there is a small portion on Metasploit, the kind of info that was already in GPEN.
Exam: standard multiple choice like all other SANS exams until the final 5 questions; you have to fully complete the multiple choice answers before it "unlocks" the simulation questions. The simulations are similar to the practice exams: you are given a question and then provided a VM. The VM gives no clues as to what program is required; you need to know what tool to run and then what commands to run within the tool. They are multi-step questions that require knowledge of multiple tools within the VMs. It reminds me of the Cisco exams where you are dropped into a router and it would just say "fix BGP". While taking the exam I didn't feel super confident in my multiple choice section, but I nailed all of the simulations. I felt like the simulations are heavily weighted; like, if I got a 50% on the multiple choice but got 5/5 on the simulations, I feel like you'd get a 25% or more bump. I have no data to actually back this up, but I didn't feel like I did fantastic on the multiple choice and was still able to get a pretty decent score.
Overall the test felt great. As I've said before, with some of the easier SANS courses I feel like someone could make a ridiculous index and pass an exam without retaining any information. This exam was not the case; there is no index that will help you navigate through the simulation questions or allow you to pick out the point in memory where a person has misconfigured an exploit. Very challenging yet very rewarding exam.
Next up for me: OSCP, and I'm thinking about the GPYC Python SANS course.
Comments
JoJoCal19 Mod Posts: 2,835
Congrats on the pass man. You think you may attempt to tackle the 760 course at some point? It seems like it takes the day 4+5 materials and puts them on steroids.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
quogue66 Member Posts: 193
Congrats on the exam and thanks for the thorough description of the course and exam. I beta tested the new VM format for GIAC a few months back. I think they plan on doing this for more exams in the near future.
UnixGuy Mod Posts: 4,570
Congrats on this huge achievement! I heard a lot of awesome things about GXPN.
JollyFrogs Member Posts: 97
Congrats on passing GXPN. I agree it's a great course. Stephen Sims is a great teacher; the quality of SEC660 is second to none, it's REAL good. Unfortunately, the follow-up to SEC660 (SEC760) has no OnDemand videos, and it's difficult to justify spending 6000 dollars on a stack of books without the option of an exam, videos or CTF challenge.
Good luck on the OSCP. The GXPN will certainly help you (it would have been the other way around too; the courses complement each other well). The level of GXPN is (imho) higher than the level of OSCP. GXPN seems to fit really neatly between OSCP and OSCE.