I passed GPEN this morning with 95% on the first attempt and this is how I prepared + my index!
I'm buzzing from exicitement as I just got back home from the testing center with a 95% PASS in my pocket for the GIAC GPEN exam! I worked hard on this one for the last two months and I gotta say even though COVID-19 helped me a lot with finding time to study I think I still put in a decent amount of my free time.
My background is that I'm working in corporate IT since 2013 coming from a helpdesk position all the way to self-employed network and security enigineer today. I didn't do any pentesting in corporate environments till date. I took this course and exam to get my foot in the doorstep in this field. I considered CEH and Pentest+ before but last year I got introduced to SANS by one of my instructors from Security+. While being in the lucky position to be able to afford a course I decided to give it a go and here we are!
- As mentioned, I took the SEC560 course from SANS which was suppossed to be live in Frankfurt in the first week of April this year. Unfortunately we had to move everything online because of the COVID-19 outbreak. It all worked out pretty well in the end without any disruptions while it was only the second week of "Cybercasts" going on. The instructor was Jeff McJunkin, great guy and even on the exam this morning I answered a question based on what I remember he said. Not everything is in the books folks!
- After the 6-day course I took a one-week break to relax as suggested by Jeff.
- Once the break was over I started to create an index for use during the exam. There are many methods out there who all seem to work fine. I decided to go with the Voltaire tool created by Matthew Toussain since I'm not that of a "coloured-tab-guy" lol
- When I finished the index (I did 1 book a day on weekend to not let my head explode all at once, simple math shows us it took me 2,5 weekends to do 5 books), I started to practice labs. The course labs were unfortunately not available anymore. I thought I could access them for 4 months after the course just like the audio and video files but SANS support told me to add the OnDemand bundle to get back my access to the labs from class which I refused to pay for since I was already in for over $7k on this one.
Instead of using the SANS material for the labs I hopped over to Hack The Box and did all the Starting and Easy machines that were available at the moment. Total would be about 10 machines I rooted in about a month's time. I also wrote up all my work while doing this labs so I could refer back to them later and help other people out on the forums. Great community!
- After pwning boxes for a while I felt ready to take my first practice test and scored 78%. Some big leaks were still out there but the graded score card you get after the test helps you figure them out pretty quickly.
- I spent the next 14 days re-studying the books on these topics for about 1 hour every day after work and did some more labbing on the weekends.
- Last Friday I took my second practice test and scored 83%. I decided to give it a go for the real test and booked it for this morning 10am.
- On the weekend I did a very last review of all topics and banged my head against the wall one more time.
- This morning I took the real exam and scored 95%.
What did I bring to the testing center:
- The course books day 1-5
- My index (link down below)
- The **** sheets I got with my course books
My exam consisted of 75 multiple choice questions and 7 labs. If you understood all the course labs or practiced a lot on your own on other platforms like I did, you shouldnt have any problem on the exam labs. I had about 30 minutes left when I finished the test.
Happy studying and if you have any questions feel free to drop them down below!