I passed GPEN this morning with 95% on the first attempt and this is how I prepared + my index!
Hello all!
I'm buzzing from exicitement as I just got back home from the testing center with a 95% PASS in my pocket for the GIAC GPEN exam! I worked hard on this one for the last two months and I gotta say even though COVID-19 helped me a lot with finding time to study I think I still put in a decent amount of my free time.
My background is that I'm working in corporate IT since 2013 coming from a helpdesk position all the way to self-employed network and security enigineer today. I didn't do any pentesting in corporate environments till date. I took this course and exam to get my foot in the doorstep in this field. I considered CEH and Pentest+ before but last year I got introduced to SANS by one of my instructors from Security+. While being in the lucky position to be able to afford a course I decided to give it a go and here we are!
My preperation:
- As mentioned, I took the SEC560 course from SANS which was suppossed to be live in Frankfurt in the first week of April this year. Unfortunately we had to move everything online because of the COVID-19 outbreak. It all worked out pretty well in the end without any disruptions while it was only the second week of "Cybercasts" going on. The instructor was Jeff McJunkin, great guy and even on the exam this morning I answered a question based on what I remember he said. Not everything is in the books folks!
- After the 6-day course I took a one-week break to relax as suggested by Jeff.
- Once the break was over I started to create an index for use during the exam. There are many methods out there who all seem to work fine. I decided to go with the Voltaire tool created by Matthew Toussain since I'm not that of a "coloured-tab-guy" lol
- When I finished the index (I did 1 book a day on weekend to not let my head explode all at once, simple math shows us it took me 2,5 weekends to do 5 books), I started to practice labs. The course labs were unfortunately not available anymore. I thought I could access them for 4 months after the course just like the audio and video files but SANS support told me to add the OnDemand bundle to get back my access to the labs from class which I refused to pay for since I was already in for over $7k on this one.
Instead of using the SANS material for the labs I hopped over to Hack The Box and did all the Starting and Easy machines that were available at the moment. Total would be about 10 machines I rooted in about a month's time. I also wrote up all my work while doing this labs so I could refer back to them later and help other people out on the forums. Great community!
- After pwning boxes for a while I felt ready to take my first practice test and scored 78%. Some big leaks were still out there but the graded score card you get after the test helps you figure them out pretty quickly.
- I spent the next 14 days re-studying the books on these topics for about 1 hour every day after work and did some more labbing on the weekends.
- Last Friday I took my second practice test and scored 83%. I decided to give it a go for the real test and booked it for this morning 10am.
- On the weekend I did a very last review of all topics and banged my head against the wall one more time.
- This morning I took the real exam and scored 95%.
What did I bring to the testing center:
- The course books day 1-5
- My index (link down below)
- The **** sheets I got with my course books
My exam consisted of 75 multiple choice questions and 7 labs. If you understood all the course labs or practiced a lot on your own on other platforms like I did, you shouldnt have any problem on the exam labs. I had about 30 minutes left when I finished the test.
Happy studying and if you have any questions feel free to drop them down below!
Comments
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Hey nice write up.. .my GPEN exam is due soon (June 29th). I second your though on Jeff McJunkin he is a very good and nice instructor. Can you PM me your link for your index. I would like to see it to compare with mine.
-
manderait Member Posts: 4 ■■□□□□□□□□Hi, thanks buddy! Unfortunately I'm not allowed to share links yet on the forum (new account). This also goes for PM's...
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Today it was the day of the first practice test for GPEN... 78% on first exam with 1h left without index (except the shitty one provided in book 6). Also, I didnt have to check my book too much, so it is a good sign.
I definitely know that I am getting ready. Before taking it, I was expecting to fail this test, with a 55-65%. While taking it, it went very well through the multiple choice question, a few checkup just to be sure. But it hit hard on the labs. On 7 labs, I got 3 that I was not prepared for, as my study is not complete (pivoting and web app mostly), I chose one answer randomly, just to skip them.
Finally, with the 78%, I have the impression that labs question are not worth much more than a multiple choice question.
So now, I am starting to get confident. I know what to review for the next 25 days before that exam. -
chrisone Member Posts: 2,278 ■■■■■■■■■□@manderait Congrats on the pass!
@SteveLavoie looks like you are very close and headed in the right path. How many practice tests do you have left?
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□@chrisone it was my first of the included 2. But I may buy one if the result of the second test are not good enough.
-
charismaticx Member Posts: 163 ■■■■□□□□□□What did you think of the exam? Very similar to the practice test?
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
manderait Member Posts: 4 ■■□□□□□□□□The exam is very similar to the practice tests in my opinion. If you nail the practice exams you should be good to go. I had some struggles with the labs on my practice tests and I still think I lost a lot of points on them. On the real exam I managed to get through all of them. The **** sheets are great if you're not great at reminding all syntaxes like me lol.
-
charismaticx Member Posts: 163 ■■■■□□□□□□I think the only useful one was the nmap one. Maybe, the metasploit one if you can’t remember. The other ones didn’t have as much as I would of liked.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
charismaticx Member Posts: 163 ■■■■□□□□□□Just passed GPEN today. The exam wasn’t too bad. I honestly thought the labs would of been harder. There was like two that gave me a hard time but I was able to figure it out.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
E Double U Member Posts: 2,238 ■■■■■■■■■■Congratulations guys!Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
charismaticx Member Posts: 163 ■■■■□□□□□□Good luck!
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
manderait Member Posts: 4 ■■□□□□□□□□Take it home boys! I believe I'm allowed to share links now so here is my index: https://284docs.s3.eu-central-1.amazonaws.com/GIAC+GPEN+_+SANS+SEC560+Network+Penetration+Testing+&+Ethical+Hacking+Index+2020.pdf