Will SANS GPEN Training helps for OSCP Prep

MSK26MSK26 Registered Users Posts: 6 ■■■□□□□□□□

I want to pursue OSCP however not able to allocate time due to work and life. That said, my org may sponsor SANS training so I'm wondering taking GPEN will be good course as pre-cursor to OSCP as I'm totally new to offensive security. At this point, I'm planning to focus on GPEN, Python before jumping full time on OSCP. 

Can anyone please share if my approach is in right direction. 

Thanks, MSK26


  • iBrokeITiBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,309 ■■■■■■■■■□
    The best prep for the OSCP is the OSCP material.  Jump in and do it.

    FYI, then GPEN is now partially practical too so all that time spent studying for it could be used on the OSCP if that is your end goal.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • xXxKrisxXxxXxKrisxXx eCPPT, eWPT, GPEN, GMOB, OSCP, CCSK, CDP, Microsoft Certified: Azure Fundamentals Member Posts: 80 ■■■■□□□□□□
    I'll second what iBrokeIT said. Additionally, I'll add that once upon a time l passed the OSCP and sat and tried to challenge the GPEN exam and failed. l do know someone who took Cracking the Perimeter, obtained their OSCE, challenged the GPEN exam and passed. You already know this but it comes down to the knowledge of the individual going in.

    Looking back, l was pretty foolish prepping for the GPEN after getting my OSCP. PWK is hardcore Lab and Hands-On focused. While SEC560 has that in the accompanying lab guide and day 6 (CTF), you're going to get the most preparation for the OSCP by pwning the machines in the lab environment.

    l can personally vouch that now having obtained both the GPEN, OSCP, as well as eCPPT Gold & Silver, the certification l feel most proud of and got the most out of was Pentesting with Kali.
  • MSK26MSK26 Registered Users Posts: 6 ■■■□□□□□□□
    Thanks @iBrokeIT, @xXxKrisxXx for your quick responses. Totally agreed, to jump into OSCP but for me the biggest challenge is time thereby looking for classroom training which will help skip my work and understanding fundamentals, pentest approach and what not. So if GPEN may not help on this how about taking Blackhat course on PWK ? Will this course help as build up to OSCP ? 
  • iBrokeITiBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,309 ■■■■■■■■■□
    So you are looking for a shortcut to get a piece of paper because you don't have the time to properly learn the skills necessary to become a good hacker?
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • MSK26MSK26 Registered Users Posts: 6 ■■■□□□□□□□
    @iBrokeIT Definitely want to have good pentest skills to start consultancy down the line. But, at this point my team has budget for trainings and I want to utilize it for training relevant to OSCP to help me provide basics (not much exp in linux, python),  bring me back to mainstream to work on labs and importantly the mindset required for preparation. 
  • Danielm7Danielm7 Member Posts: 2,306 ■■■■■■■■□□
    While I haven't taken the 560 I've done a few SANS courses and if the 560 is free to you, why not take it? I know the goal is pentesting and the OSCP, but I wouldn't turn down any free SANS class, especially one specifically geared towards your end goal. Sounds like from the other posters it won't be a 1:1 equiv of OSCP prep, but who cares? Lots of companies haven't even heard of the OSCP and have a lot respect for SANS. 

    So really, what do you have to lose by taking a free SANS course and GPEN?
  • MSK26MSK26 Registered Users Posts: 6 ■■■□□□□□□□
    @Danielm7 yes, so is my thinking but though its sponsored want to ensure to take the right one. Earlier thought of GCIH but upon comparison understood GPEN more suits my requirement. 😀
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Member Posts: 494 ■■■■■□□□□□
    edited July 2019
    I agree that if its free, you should definitely take the course. But now I am curious as to what companies that do pentesting haven't heard of the OSCP? I would immediately hang up or leave the interview if a company told me that. Most companies wouldn't give me the time of day until I got my OSCP when I was trying to land a pentesting job. As for training that can help prepare you for the OSCP, there are several courses on UDEMY that you can pick up for around $10 by Zaid Sabihah. I did his "Learn Ethical Hacking from Scratch" course before the OSCP and it helped me a ton. Also now there is another great resource in hackthebox.eu. If you can finish the easy-intermediate systems on there then you are more than ready for the OSCP. 
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • yoba222yoba222 Senior Member Member Posts: 1,230 ■■■■■■■■□□
    edited July 2019
    Going for OSCP early next year. I have access to GPEN materials, but don't intend to go through them to prep for OSCP. I think I'll get more bang for the buck doing VHL/HtB/VulnHub machines instead among other resources.

    That said, if my company were paying for the GPEN, I would 100% absolutely do it. That's a valuable cert and great material. I'm sure it would help towards OSCP. But I would not do the GPEN to prep for OSCP if paying out of pocket.

    Zaid is one of my favorites on Udemy; love his teaching style.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • MSK26MSK26 Registered Users Posts: 6 ■■■□□□□□□□
    Well noted @McxRisley @yoba222.

    Guess I got my perspective from all above inputs. Thanks again to all and all the best for your endeavours in security. Cheers.
Sign In or Register to comment.