GIAC Certified Penetration Tester (GPEN)

I've just gotten access to the On-Demand portion of the training which i'll start on sunday. So i'm just making a thread to post my experience and thoughts on the course. I'll start from how to apply for facilitator to the week course november 23-28 and then writing and hopefully passing the exam before feburary 23rd 2010.

Stay tuned seems like alot of info.

Find more posts tagged with

Comments

GAngel

You apply for the SANS workstudy program under the training/workstudy section of the website. It asks about your goals for doing the program, where you are in your career currently and where you want your career to go.

Reasons for doing the workstudy are on the website so i won't go into them besides that it's $700 for a course including certification that normally costs $3500. You have to fill out an application for each event you'd like to facilitate at and in my case SANS got back to me within 10 days.

Acceptance into the course is through email. You must fax back the acceptance letter by a certain date and then follow the other instructions for signing up to facilitate.

You are expected to review all the information prior to the course as you are working to provide a better program not only for yourself but the other students as well. I won't go into detail what's all included in the training but by the quick overview there is plenty of hands on and a huge amount of information.

GAngel

I couldn't wait to go through some of the material so I'm listening to one of the lessons by ed skoudis and in it he talks about Encrypting File System (EFS).

He says its really aweful. "It's shockingly bad and you could make a really strong argument its worse than nothing."

Why because the crypto key is protected (in most environments) with just the users password for the OS.
You can **** the password hash and crack it or pass the hash.

Another problem is if you drag a file into the EFS drive it encrypts it and leaves a clear text copy in the original file system spot. It doesn't properly wipe.

dynamik

The material is fascinating, and Ed's just freaking awesome in general. I'm going to hit up his webcasts as soon as I get a chance.

This one is definitely on my to-do list. I can't believe there's currently < 700 (and I work with three of them).

I'd love to do the GSE eventually; there's only 16 of those!

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

JDMurray

dynamik wrote: »

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

Have you seen the stack of course material required for the GSEC? The information in just the first manual alone puts the GSEC's difficulty way ahead of the Security+. I'd love to sit in a GSEC workshop, but the instructor is required to present the material at such a break-neck speed that I'd probably not end up retaining much of the information.

dynamik

JDMurray wrote: »

Have you seen the stack of course material required for the GSEC?

Yep, it's within 5ft of me at the moment. I've paged through about half of it. MCSE:S took care of the Microsoft stuff, and pretty much everything else has been review...

GAngel

dynamik wrote: »

The material is fascinating, and Ed's just freaking awesome in general. I'm going to hit up his webcasts as soon as I get a chance.

This one is definitely on my to-do list. I can't believe there's currently < 700 (and I work with three of them).

I'd love to do the GSE eventually; there's only 16 of those!

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

If i had a year off and 20k it would be at the top of my list.

unsupported

dynamik wrote: »

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

GSEC is not a requirement for GSE anymore! I am on the GIAC Advisory board and they just announced the changes. The prerequisites are changed to allow the substitution of other upper level SANS course for the gold requirement and it also allows the removal of the GSEC. Check it out at, GIAC Security Expert (GSE). This is what it boils down to:

GSE Pre-requisites (updated 10-12-2009):

GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold.

GSEC pre-requisite is unique because of dual windows and unix coverage.
Substitution options:

1. GCWN & GCUX combined can act as a substitute for GSEC
2. Higher level certifications can act as substitutes for gold papers examples: GCFA, GCFW, GCUX, GCWN, GCED, GPEN, GWAPT, GAWN, GREM

GSE pre-requisite list (including substitution options):

(A) GSEC, GCIH, GCIA with two gold
(B) GSEC, GCIH, GCIA with one gold and one substitute
(C) GSEC, GCIH, GCIA with no gold and two substitutes
(D) GCWN, GCUX, GCIH, GCIA with one gold
(E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

I've been toying with the GSE, but I'm too busy with school. I hope this helps.

GAngel

unsupported wrote: »

GSEC is not a requirement for GSE anymore! I am on the GIAC Advisory board and they just announced the changes. The prerequisites are changed to allow the substitution of other upper level SANS course for the gold requirement and it also allows the removal of the GSEC. Check it out at, GIAC Security Expert (GSE). This is what it boils down to:

GSE Pre-requisites (updated 10-12-2009):

GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold.

GSEC pre-requisite is unique because of dual windows and unix coverage.
Substitution options:

1. GCWN & GCUX combined can act as a substitute for GSEC
2. Higher level certifications can act as substitutes for gold papers examples: GCFA, GCFW, GCUX, GCWN, GCED, GPEN, GWAPT, GAWN, GREM

GSE pre-requisite list (including substitution options):

(A) GSEC, GCIH, GCIA with two gold
(B) GSEC, GCIH, GCIA with one gold and one substitute
(C) GSEC, GCIH, GCIA with no gold and two substitutes
(D) GCWN, GCUX, GCIH, GCIA with one gold
(E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

I've been toying with the GSE, but I'm too busy with school. I hope this helps.

I was actually looking over the updates with dynamic and quite frankly it may as well be unless someone wants to do it at twice the cost to get GCWN & GCUX you must hold GSEC. The only things the other exams really do is substitute gold papers which once again would come at a huge cost dis-advantage as opposed to doing the papers.

The economical way to do it for someone who is paying for it themself is option A.

dynamik

It was funny, I actually emailed them on the 12th and bitched about GSEC being a requirement

Yea, I'm not going to take advantage of the substitution since it's twice as much money for those two. However, it is nice to be able to substitute the GPEN and GCFW for the two gold papers (when I theoretically get them in the future).

Paul Boz

I was hoping that the GCFW would sub for the GSEC but that not being the case I don't really see the GSE in my future. I'm not interested enough in Windows and Unix security to spend $3500 on the courses and I feel doubly that way about the GSEC. I know that the GCFW counts as a gold paper but I'm intending on writing a paper for the GCFW anyway. Ho hum.

dynamik

So do GSEC, GCFW + Paper, GCIH, and GCIA. You can challenge the GSEC for $900.

GAngel

dynamik wrote: »

So do GSEC, GCFW + Paper, GCIH, and GCIA. You can challenge the GSEC for $900.

$900 for a security++ exam

Just got an email from SANS they have a new cyber guardian program that looks fantastic.
About the Program

SANS' Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, or other government agencies whose role includes securing systems, reconnaissance, counterterrorism and counter hacks. These teams will be the cyber security special forces where each individual's role makes the team successful.

What a CISSP should really be i'd wager not a one off test:
Program Prerequisites

A minimum of 5 years of experience in information security
Outstanding performance reviews from commanders/managers
Recommendations from commanders/managers and peers
Completion of the GIAC Security Essentials Certification (GSEC) exam with a score of 80 or above or hold a CISSP certification

Exams you write are GSEC,GCIA,GCFA and GPEN + GSE

veritas_libertas

GAngel wrote: »

$900 for a security++ exam

Just got an email from SANS they have a new cyber guardian program that looks fantastic.
About the Program

SANS' Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, or other government agencies whose role includes securing systems, reconnaissance, counterterrorism and counter hacks. These teams will be the cyber security special forces where each individual's role makes the team successful.

What a CISSP should really be i'd wager not a one off test:
Program Prerequisites
A minimum of 5 years of experience in information security

Outstanding performance reviews from commanders/managers

Recommendations from commanders/managers and peers

Completion of the GIAC Security Essentials Certification (GSEC) exam with a score of 80 or above or hold a CISSP certification

Exams you write are GSEC,GCIA,GCFA and GPEN + GSE

SANS Cyber Guardian Program

dynamik

GAngel wrote: »

$900 for a security++ exam

We share that sentiment, believe me...

JDMurray

And having "GSEC" on your resume doesn't do much for you, unless you are a DoD contractor or are teaching the GSEC class.

GAngel

I finally started getting into the ondemand material. Only 2 weeks left until the class. On the last 2 parts of section one which I'll finish tonight. Been nothing but a refresher so far which is good expect section two to be more hands on. Very good advice for the industry far more than I expected.

GAngel

I downloaded freebsd and fedora 11 last night and spent it doing the linux brush up section in the course. (this part alone is probably worth the money for the course) I'll probably have to do it 5-10 more times to really get back into things but i'm enjoying it. I'm just over 30% of the way through the on demand and it's been nothing but quality so far.

Only 10 days till the class now so accelerating the learning curve a bit. Hope to be at 70% by the end of the weekend.

GAngel

Another little tidbit I picked up is that nmap,nessus,snort all are programmed in a language called lua

dynamik

I thought Lua was used to script those, not that they were programmed in them.

And I believe Nessus uses NASL, not Lua. Lua is also supported by Wireshark.

GAngel

dynamik wrote: »

I thought Lua was used to script those, not that they were programmed in them.

And I believe Nessus uses NASL, not Lua. Lua is also supported by Wireshark.

woops wrong word script is correct. You can create scripts to run in all three using lua. Yes to wireshark. My brain is a total mess between taking that god aweful buckley's and being at this for the last 5 hrs.

JDMurray

Lua is a freely-available scripting language that first found wide use in the computer gaming world, where it got noticed by the Hack-ish community as a good alternative to PythonScript, or inventing your own ad hoc scripting language. Commercial companies have also adopted Lua as a way to a way to configure and extend their products (Adobe Lightroom is suppose to be around 40% Lua). There are a couple of good books about Lua too.

GAngel

I've finally had a chance to update this. It's been a whirlwind week.

It was GPEN with bootcamp so it went from 9-7 on most days. We covered everything from writing the report to using rainbow tables.
The course was thought by Rick Smith one of the GSE's and he's a smart cookie. He took the time to answer everyone's questions throughout the course. The capture the flag on the last day is challenging. Do-able if you have the time to sit and think about it but we all ran out of time in our groups though one team got extremely close.

There was a mix of security pro's there from all across eastern canada so lots of good networking went on.

As for being a facilitator the main duties were helping set up the lap, cabling, network. Getting everyone checked in and all there stuff assigned to them on day one. Collecting the evaluations and tallying them daily and generally answering questions and making sure everyone was ok. Very good trade off for what I learned.

I did learn you can buy the sans coursebooks usually available at one of the big conferences. We had a couple of extra books and it was being sold to us if we wanted to give it to others we knew if they wanted to challenge the exam.

Once i get the email to take the exam I'll schedule it for about 2 weeks time and in the meantime I'm going over all of it again.

dynamik

GAngel wrote: »

I did learn you can buy the sans coursebooks usually available at one of the big conferences. We had a couple of extra books and it was being sold to us if we wanted to give it to others we knew if they wanted to challenge the exam.

Really? You can only buy them at the conferences? How much are they? I might run out to the New Orleans one (if I don't get selected for work-study) and pick some up.

GAngel

dynamik wrote: »

Really? You can only buy them at the conferences? How much are they? I might run out to the New Orleans one (if I don't get selected for work-study) and pick some up.

Messaged as I don't know if that's official policy only what we got told.

GAngel

I just finished the on demand portion of the course. Now that i can firmly compare on demand verses classroom I can say there is very little difference between the two. The only thing different were the examples each used based on there own experiences.

Next up is indexing the books to make it easier to find information and then I'm going to do the final day challenge again so i get some more hands on with the tools. Then I plan to have a go at the test hopefully next weekend or the one after.

GAngel

I finished indexing all my books so i decided to do one of the practise exams tonight to see what I'd get. I did it without using any books/notes etc and scored 71% which is about what I was hoping for. I also left the hands on questions at the end and finished in 1:41 so I'm not worried about the score. At the end of the exam I got the sections I was weak in so I'll study them for the next few days and retake the practise exam again without any aides.

I've booked my exam for saturday morning so I'm hoping the exam will be a bit easier when I actually have all of my material infront of me. I'm hoping for a mid 80's if I can manage it.

impelse

Keep going.

impelse

I forgot to ask you. Howmuch exp do you have with penetration testing?

GAngel

impelse wrote: »

I forgot to ask you. Howmuch exp do you have with penetration testing?

As a pen tester none doing incident handling and assessments with alot of the tools 3-4 years. I've also got the heorot and ceh done in the last 4 mths so it's still pretty fresh in my mind.

dynamik

Exciting stuff! Glad to see the progress. I have my scheduled for 1/15, but I'll probably push it back since I'm working on three other certs and a college class. I'll kill it early 2010 for sure though. Good luck with your exam!