GIAC Certified Penetration Tester (GPEN)

GAngel Member Posts: 708
I've just gotten access to the On-Demand portion of the training, which I'll start on Sunday. So I'm just making a thread to post my experience and thoughts on the course. I'll start from how to apply for facilitator to the week course November 23-28 and then writing and hopefully passing the exam before February 23rd 2010.

Stay tuned; seems like a lot of info.

Comments

  • GAngel Member Posts: 708
    You apply for the SANS workstudy program under the training/workstudy section of the website. It asks about your goals for doing the program, where you are in your career currently and where you want your career to go.

    Reasons for doing the workstudy are on the website so I won't go into them besides that it's $700 for a course including certification that normally costs $3500. You have to fill out an application for each event you'd like to facilitate at and in my case SANS got back to me within 10 days.

    Acceptance into the course is through email. You must fax back the acceptance letter by a certain date and then follow the other instructions for signing up to facilitate.

    You are expected to review all the information prior to the course as you are working to provide a better program not only for yourself but the other students as well. I won't go into detail what's all included in the training but by the quick overview there is plenty of hands on and a huge amount of information.
  • GAngel Member Posts: 708
    I couldn't wait to go through some of the material so I'm listening to one of the lessons by Ed Skoudis and in it he talks about Encrypting File System (EFS).

    He says it's really awful. "It's shockingly bad and you could make a really strong argument it's worse than nothing."

    Why? Because the crypto key is protected (in most environments) with just the user's password for the OS.
    You can **** the password hash and crack it or pass the hash.

    Another problem is if you drag a file into the EFS drive it encrypts it and leaves a clear text copy in the original file system spot. It doesn't properly wipe.
  • dynamik Banned Posts: 12,312
    The material is fascinating, and Ed's just freaking awesome in general. I'm going to hit up his webcasts as soon as I get a chance.

    This one is definitely on my to-do list. I can't believe there's currently < 700 (and I work with three of them).

    I'd love to do the GSE eventually; there's only 16 of those!

    Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...
  • JDMurray Admin Posts: 13,090
    dynamik wrote: »
    Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...
    Have you seen the stack of course material required for the GSEC? The information in just the first manual alone puts the GSEC's difficulty way ahead of the Security+. I'd love to sit in a GSEC workshop, but the instructor is required to present the material at such a break-neck speed that I'd probably not end up retaining much of the information.
  • dynamik Banned Posts: 12,312
    JDMurray wrote: »
    Have you seen the stack of course material required for the GSEC?

    Yep, it's within 5ft of me at the moment. I've paged through about half of it. MCSE:S took care of the Microsoft stuff, and pretty much everything else has been review...
  • GAngel Member Posts: 708
    dynamik wrote: »
    The material is fascinating, and Ed's just freaking awesome in general. I'm going to hit up his webcasts as soon as I get a chance.

    This one is definitely on my to-do list. I can't believe there's currently < 700 (and I work with three of them).

    I'd love to do the GSE eventually; there's only 16 of those!

    Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

    If I had a year off and 20k it would be at the top of my list.
  • unsupported Member Posts: 192
    dynamik wrote: »
    Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

    GSEC is not a requirement for GSE anymore! I am on the GIAC Advisory board and they just announced the changes. The prerequisites are changed to allow the substitution of other upper level SANS courses for the gold requirement and it also allows the removal of the GSEC. Check it out at GIAC Security Expert (GSE). This is what it boils down to:

    GSE Pre-requisites (updated 10-12-2009):

    GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold.

    GSEC pre-requisite is unique because of dual Windows and Unix coverage.
    Substitution options:

    1. GCWN & GCUX combined can act as a substitute for GSEC
    2. Higher level certifications can act as substitutes for gold papers; examples: GCFA, GCFW, GCUX, GCWN, GCED, GPEN, GWAPT, GAWN, GREM

    GSE pre-requisite list (including substitution options):

    (A) GSEC, GCIH, GCIA with two gold
    (B) GSEC, GCIH, GCIA with one gold and one substitute
    (C) GSEC, GCIH, GCIA with no gold and two substitutes
    (D) GCWN, GCUX, GCIH, GCIA with one gold
    (E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

    I've been toying with the GSE, but I'm too busy with school. I hope this helps.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • GAngel Member Posts: 708
    GSEC is not a requirement for GSE anymore! I am on the GIAC Advisory board and they just announced the changes. The prerequisites are changed to allow the substitution of other upper level SANS courses for the gold requirement and it also allows the removal of the GSEC. Check it out at GIAC Security Expert (GSE). This is what it boils down to:

    GSE Pre-requisites (updated 10-12-2009):

    GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold.

    GSEC pre-requisite is unique because of dual Windows and Unix coverage.
    Substitution options:

    1. GCWN & GCUX combined can act as a substitute for GSEC
    2. Higher level certifications can act as substitutes for gold papers; examples: GCFA, GCFW, GCUX, GCWN, GCED, GPEN, GWAPT, GAWN, GREM

    GSE pre-requisite list (including substitution options):

    (A) GSEC, GCIH, GCIA with two gold
    (B) GSEC, GCIH, GCIA with one gold and one substitute
    (C) GSEC, GCIH, GCIA with no gold and two substitutes
    (D) GCWN, GCUX, GCIH, GCIA with one gold
    (E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

    I've been toying with the GSE, but I'm too busy with school. I hope this helps.

    I was actually looking over the updates with dynamik and quite frankly it may as well be: unless someone wants to do it at twice the cost to get GCWN & GCUX, you must hold GSEC. The only thing the other exams really do is substitute gold papers, which once again would come at a huge cost disadvantage as opposed to doing the papers.

    The economical way to do it for someone who is paying for it themselves is option A.
  • dynamik Banned Posts: 12,312
    It was funny, I actually emailed them on the 12th and bitched about GSEC being a requirement

    Yea, I'm not going to take advantage of the substitution since it's twice as much money for those two. However, it is nice to be able to substitute the GPEN and GCFW for the two gold papers (when I theoretically get them in the future).
  • Paul Boz Member Posts: 2,620
    I was hoping that the GCFW would sub for the GSEC but that not being the case I don't really see the GSE in my future. I'm not interested enough in Windows and Unix security to spend $3500 on the courses and I feel doubly that way about the GSEC. I know that the GCFW counts as a gold paper but I'm intending on writing a paper for the GCFW anyway. Ho hum.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • dynamik Banned Posts: 12,312
    So do GSEC, GCFW + Paper, GCIH, and GCIA. You can challenge the GSEC for $900.
  • GAngel Member Posts: 708
    dynamik wrote: »
    So do GSEC, GCFW + Paper, GCIH, and GCIA. You can challenge the GSEC for $900.

    $900 for a security++ exam :p

    Just got an email from SANS; they have a new Cyber Guardian program that looks fantastic.
    About the Program

    SANS' Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, or other government agencies whose role includes securing systems, reconnaissance, counterterrorism and counter hacks. These teams will be the cyber security special forces where each individual's role makes the team successful.

    What a CISSP should really be, I'd wager, not a one-off test:
    Program Prerequisites
    • A minimum of 5 years of experience in information security
    • Outstanding performance reviews from commanders/managers
    • Recommendations from commanders/managers and peers
    • Completion of the GIAC Security Essentials Certification (GSEC) exam with a score of 80 or above or hold a CISSP certification
    Exams you write are GSEC, GCIA, GCFA and GPEN + GSE
  • veritas_libertas Member Posts: 5,746
    GAngel wrote: »
    $900 for a security++ exam :p

    Just got an email from SANS; they have a new Cyber Guardian program that looks fantastic.
    About the Program

    SANS' Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, or other government agencies whose role includes securing systems, reconnaissance, counterterrorism and counter hacks. These teams will be the cyber security special forces where each individual's role makes the team successful.

    What a CISSP should really be, I'd wager, not a one-off test:
    Program Prerequisites
    • A minimum of 5 years of experience in information security
    • Outstanding performance reviews from commanders/managers
    • Recommendations from commanders/managers and peers
    • Completion of the GIAC Security Essentials Certification (GSEC) exam with a score of 80 or above or hold a CISSP certification
    Exams you write are GSEC, GCIA, GCFA and GPEN + GSE

    SANS Cyber Guardian Program
  • dynamik Banned Posts: 12,312
    GAngel wrote: »
    $900 for a security++ exam :p

    We share that sentiment, believe me...
  • JDMurray Admin Posts: 13,090
    And having "GSEC" on your resume doesn't do much for you, unless you are a DoD contractor or are teaching the GSEC class.
  • GAngel Member Posts: 708
    I finally started getting into the OnDemand material. Only 2 weeks left until the class. On the last 2 parts of section one, which I'll finish tonight. Been nothing but a refresher so far, which is good; expect section two to be more hands-on. Very good advice for the industry, far more than I expected.
  • GAngel Member Posts: 708
    I downloaded FreeBSD and Fedora 11 last night and spent it doing the Linux brush-up section in the course (this part alone is probably worth the money for the course). I'll probably have to do it 5-10 more times to really get back into things but I'm enjoying it. I'm just over 30% of the way through the OnDemand and it's been nothing but quality so far.

    Only 10 days till the class now so accelerating the learning curve a bit. Hope to be at 70% by the end of the weekend.
  • GAngel Member Posts: 708
    Another little tidbit I picked up is that Nmap, Nessus, Snort all are programmed in a language called Lua
  • dynamik Banned Posts: 12,312
    I thought Lua was used to script those, not that they were programmed in them.

    And I believe Nessus uses NASL, not Lua. Lua is also supported by Wireshark.
  • GAngel Member Posts: 708
    dynamik wrote: »
    I thought Lua was used to script those, not that they were programmed in them.

    And I believe Nessus uses NASL, not Lua. Lua is also supported by Wireshark.

    Whoops, wrong word; script is correct. You can create scripts to run in all three using Lua. Yes to Wireshark. My brain is a total mess between taking that god-awful Buckley's and being at this for the last 5 hrs.
  • JDMurray Admin Posts: 13,090
    Lua is a freely-available scripting language that first found wide use in the computer gaming world, where it got noticed by the Hack-ish community as a good alternative to PythonScript, or inventing your own ad hoc scripting language. Commercial companies have also adopted Lua as a way to configure and extend their products (Adobe Lightroom is supposed to be around 40% Lua). There are a couple of good books about Lua too.
  • GAngel Member Posts: 708
    I've finally had a chance to update this. It's been a whirlwind week.

    It was GPEN with bootcamp so it went from 9-7 on most days. We covered everything from writing the report to using rainbow tables.
    The course was taught by Rick Smith, one of the GSEs, and he's a smart cookie. He took the time to answer everyone's questions throughout the course. The capture the flag on the last day is challenging. Doable if you have the time to sit and think about it, but we all ran out of time in our groups, though one team got extremely close.

    There was a mix of security pros there from all across Eastern Canada so lots of good networking went on.

    As for being a facilitator, the main duties were helping set up the lab, cabling, network. Getting everyone checked in and all their stuff assigned to them on day one. Collecting the evaluations and tallying them daily and generally answering questions and making sure everyone was OK. Very good trade-off for what I learned.

    I did learn you can buy the SANS coursebooks, usually available at one of the big conferences. We had a couple of extra books and it was being sold to us if we wanted to give it to others we knew if they wanted to challenge the exam.

    Once I get the email to take the exam I'll schedule it for about 2 weeks' time and in the meantime I'm going over all of it again.
  • dynamik Banned Posts: 12,312
    GAngel wrote: »
    I did learn you can buy the SANS coursebooks, usually available at one of the big conferences. We had a couple of extra books and it was being sold to us if we wanted to give it to others we knew if they wanted to challenge the exam.

    Really? You can only buy them at the conferences? How much are they? I might run out to the New Orleans one (if I don't get selected for work-study) and pick some up.
  • GAngel Member Posts: 708
    dynamik wrote: »
    Really? You can only buy them at the conferences? How much are they? I might run out to the New Orleans one (if I don't get selected for work-study) and pick some up.

    Messaged, as I don't know if that's official policy, only what we got told.
  • GAngel Member Posts: 708
    I just finished the OnDemand portion of the course. Now that I can firmly compare OnDemand versus classroom I can say there is very little difference between the two. The only thing different were the examples each used based on their own experiences.

    Next up is indexing the books to make it easier to find information and then I'm going to do the final day challenge again so I get some more hands-on with the tools. Then I plan to have a go at the test, hopefully next weekend or the one after.
  • GAngel Member Posts: 708
    I finished indexing all my books so I decided to do one of the practise exams tonight to see what I'd get. I did it without using any books/notes etc. and scored 71%, which is about what I was hoping for. I also left the hands-on questions at the end and finished in 1:41 so I'm not worried about the score. At the end of the exam I got the sections I was weak in so I'll study them for the next few days and retake the practise exam again without any aids.

    I've booked my exam for Saturday morning so I'm hoping the exam will be a bit easier when I actually have all of my material in front of me. I'm hoping for a mid 80's if I can manage it.
  • impelse Member Posts: 1,237
    Keep going.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • impelse Member Posts: 1,237
    I forgot to ask you. How much exp do you have with penetration testing?

  • GAngel Member Posts: 708
    impelse wrote: »
    I forgot to ask you. How much exp do you have with penetration testing?

    As a pen tester, none; doing incident handling and assessments with a lot of the tools, 3-4 years. I've also got the Heorot and CEH done in the last 4 mths so it's still pretty fresh in my mind.
  • dynamik Banned Posts: 12,312
    Exciting stuff! Glad to see the progress. I have mine scheduled for 1/15, but I'll probably push it back since I'm working on three other certs and a college class. I'll kill it early 2010 for sure though. Good luck with your exam!