Passed GPEN and GCIH

I successfully passed the GPEN (passed on May 26) and GCIH (passed on June 19) within a month of each other.

Due to the pandemic, I was able to schedule both of my exams through Proctor-U, which was a smooth process and had no issues with the remote proctor.

Below was my study plan for the GPEN/GCIH

Wrote a 250 page index for GPEN, and a 225 page index for GCIH.
Studied an hour per day for 4 weeks for GPEN and GCIH.
Practiced each lab up to 10 times.
Passed the 4 practice tests.
Attended the elearnsecurity's ECCPT course (practiced each lab 10 times) and exploited 30 machines in hackthebox.
Reviewed EC-Councils ECSA book.
Reviewed EC-Councils C.E.H. book.
Read Hacking Exposed 7.
Read Basic Security Testing with Kali Linux 2.

Do not listen to anyone that said these were easy exams because I felt like they were the hardest certifications open book exams that I have taken even with a detailed index.

I am going to take a break before tackling the following certifications: AWS Certified Solutions Architect, AWS Cloud Practitioner, CCSK

Find more posts tagged with

GCIH

GIAC

GIAC Exam

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

SteveLavoie

First congrats! 2 GIAC exam in that much time, it is impressive.

As GPEN / GCIH material is quite similar, did you attend both SANS class? Can someone be able to do GCIH without their books (or with GPEN book and a few other documentation?

I chose Sec560, because I thought it was more fun.. but I am wondering if my next class will be GCIH or another one.

Jove

SteveLavoie said:

First congrats! 2 GIAC exam in that much time, it is impressive.

As GPEN / GCIH material is quite similar, did you attend both SANS class? Can someone be able to do GCIH without their books (or with GPEN book and a few other documentation?

I chose Sec560, because I thought it was more fun.. but I am wondering if my next class will be GCIH or another one.

I attended both classes and noticed GCIH material had less detail about certain topics that were heavily focused in GPEN.

I would recommend having the GCIH or GPEN books with you during the exam just in case your index doesn't have enough detail about a subject.

charismaticx

Nice! There’s some overlap between the two, but their still quite different. These exams are challenging, but quite rewarding. Good luck on the AWS courses. The Solutions Architect has caught my eye as well.

walter18

wow, impressive. you said you did the labs each 10 times, does that mean consecutive or go through each lab once repeated 10 times or do each lab 10 times before moving on to the next?

E Double U

Jove said:

I successfully passed the GPEN (passed on May 26) and GCIH (passed on June 19) within a month of each other.

Do not listen to anyone that said these were easy exams because I felt like they were the hardest certifications open book exams that I have taken even with a detailed index.

Congratulations!

What other open book exams have you taken? If I had to rank my GIAC credentials from least to most difficult based on exam scores it would be GDSA (87%), GCCC (79%), GPEN (77%), GCIH (76%), GCIA (72%). I personally wouldn't call GCIH or GPEN easy, but they were definitely easier for me than GCIA and not as easy some others. Of course the difficulty level experienced during the exam depends on one's level of real-world experience in combination with exam preparation.

Danielm7

E Double U said:
What other open book exams have you taken? If I had to rank my GIAC credentials from least to most difficult based on exam scores it would be GDSA (87%), GCCC (79%), GPEN (77%), GCIH (76%), GCIA (72%). I personally wouldn't call GCIH or GPEN easy, but they were definitely easier for me than GCIA and not as easy some others. Of course the difficulty level experienced during the exam depends on one's level of real-world experience in combination with exam preparation.

A friend of mine is a GSE and he was shocked how much harder the GCIA was than the other 500 level courses, I haven't taken that one yet. But i've done the GCIH and I'm prepping for the GPEN now and I'd agree the IH is easier.

@Jove wow on the 225-250 page indexes! I know everyone does them differently but what sort of format did you use that they were that long? I put a lot of detail in the comments of each line I put in there but even then I don't think I've done one over 3 exams that has been longer than 20 pages so I'm curious how you're doing them.

walter18

Jove said:

I successfully passed the GPEN (passed on May 26) and GCIH (passed on June 19) within a month of each other.

Due to the pandemic, I was able to schedule both of my exams through Proctor-U, which was a smooth process and had no issues with the remote proctor.

Below was my study plan for the GPEN/GCIH
Wrote a 250 page index for GPEN, and a 225 page index for GCIH.
Studied an hour per day for 4 weeks for GPEN and GCIH.
Practiced each lab up to 10 times.
Passed the 4 practice tests.
Attended the elearnsecurity's ECCPT course (practiced each lab 10 times) and exploited 30 machines in hackthebox.
Reviewed EC-Councils ECSA book.
Reviewed EC-Councils C.E.H. book.
Read Hacking Exposed 7.
Read Basic Security Testing with Kali Linux 2.
Do not listen to anyone that said these were easy exams because I felt like they were the hardest certifications open book exams that I have taken even with a detailed index.

I am going to take a break before tackling the following certifications: AWS Certified Solutions Architect, AWS Cloud Practitioner, CCSK

wow, impressive. you said you did the labs each 10 times, does that mean consecutive or go through each lab once repeated 10 times or do each lab 10 times before moving on to the next?, and how do you overvome the boredom of labbing the same topic 10 times?

Jove

Danielm7 said:

E Double U said:
What other open book exams have you taken? If I had to rank my GIAC credentials from least to most difficult based on exam scores it would be GDSA (87%), GCCC (79%), GPEN (77%), GCIH (76%), GCIA (72%). I personally wouldn't call GCIH or GPEN easy, but they were definitely easier for me than GCIA and not as easy some others. Of course the difficulty level experienced during the exam depends on one's level of real-world experience in combination with exam preparation.

A friend of mine is a GSE and he was shocked how much harder the GCIA was than the other 500 level courses, I haven't taken that one yet. But i've done the GCIH and I'm prepping for the GPEN now and I'd agree the IH is easier.

@Jove wow on the 225-250 page indexes! I know everyone does them differently but what sort of format did you use that they were that long? I put a lot of detail in the comments of each line I put in there but even then I don't think I've done one over 3 exams that has been longer than 20 pages so I'm curious how you're doing them.

My index was alphabetized and placed in an A-Z divider tab folder. I created a Microsoft Word table with four columns: book, page, definition (word), description.

The description would be as detailed as possible (copied the book summary and content) so I wouldn't have to go back to the book (unless a picture was included in the book). If the summary had additional keywords with a description, I would copy that definition and place it in two locations (Example: AV tools for Automating AV evasion section mentioned msfencode and veil evasion, so it would be in the A section, M section and V section with a description for each word.)

For the commands, I created a commands table with four columns as above and placed in the appropriate section. For example: cross site scripting and covert commands would be in the C section. Also, I used the snipping tool and took pictures of the command line results (like the results for ADS, net use, rpcclient, wmic, john the ripper, hash cat, nmap, sc).

Lastly, I created a separate word document for the incident handling steps and placed it at the end of the I section.

walter18 said:

Jove said:

I successfully passed the GPEN (passed on May 26) and GCIH (passed on June 19) within a month of each other.

Due to the pandemic, I was able to schedule both of my exams through Proctor-U, which was a smooth process and had no issues with the remote proctor.

Below was my study plan for the GPEN/GCIH
Wrote a 250 page index for GPEN, and a 225 page index for GCIH.
Studied an hour per day for 4 weeks for GPEN and GCIH.
Practiced each lab up to 10 times.
Passed the 4 practice tests.
Attended the elearnsecurity's ECCPT course (practiced each lab 10 times) and exploited 30 machines in hackthebox.
Reviewed EC-Councils ECSA book.
Reviewed EC-Councils C.E.H. book.
Read Hacking Exposed 7.
Read Basic Security Testing with Kali Linux 2.
Do not listen to anyone that said these were easy exams because I felt like they were the hardest certifications open book exams that I have taken even with a detailed index.

I am going to take a break before tackling the following certifications: AWS Certified Solutions Architect, AWS Cloud Practitioner, CCSK

wow, impressive. you said you did the labs each 10 times, does that mean consecutive or go through each lab once repeated 10 times or do each lab 10 times before moving on to the next?, and how do you overvome the boredom of labbing the same topic 10 times?

I worked on each lab once, reviewed the lab answers if I was stuck on a section or had no clue how to pivot to the second computer in another subnet. Then, I would take a break from the labs, work on a computer created in HackTheBox and then go back to ECCPT labs with an alternative solution to the lab answer.

Danielm7

Jove said:
My index was alphabetized and placed in an A-Z divider tab folder. I created a Microsoft Word table with four columns: book, page, definition (word), description.

The description would be as detailed as possible (copied the book summary and content) so I wouldn't have to go back to the book (unless a picture was included in the book). If the summary had additional keywords with a description, I would copy that definition and place it in two locations (Example: AV tools for Automating AV evasion section mentioned msfencode and veil evasion, so it would be in the A section, M section and V section with a description for each word.)

For the commands, I created a commands table with four columns as above and placed in the appropriate section. For example: cross site scripting and covert commands would be in the C section. Also, I used the snipping tool and took pictures of the command line results (like the results for ADS, net use, rpcclient, wmic, john the ripper, hash cat, nmap, sc).

Lastly, I created a separate word document for the incident handling steps and placed it at the end of the I section.

Interesting, so you basically copied all the content of the books into the indexes, a ton of work but it sounds like it worked out for you, congrats on the passes! I do the same thing on the multiple locations for multiple ways I'd look up a term, C Cross Site Scripting, X XSS W web attacks, etc. with the same notes after each.