After passing CEH, GPEN?

Guys

I just passed CEH and I would like to challenge GPEN. I am planning to buy the exam simulation for uCertify and begin to prepare and after this exam complete the OSCP training.

What kind of books you guys recommend? I found this link:

GPEN | IT Security Career

Please who ever challenge this exam give me suggestions.

Find more posts tagged with

Comments

chanakyajupudi

Hey. The idea is good. If you have the experience and are comfortable with the topics listed in the Blueprint it should be okay to challenge. Most of the SANS Exams are based on the material presented in their books though.

When you challenge the exam you get two practice tests as well which you could use to understand your strengths and weaknesses.

I intend to take the course in the coming few months. I dont have the experience to take the exam directly ! I neither have the money to do the course. I am going to try the Work Study in a location that I am comfortable with.

Whatever you choose ! Wishing you the best of luck !

Cheers !

JDMurray

I think the GPEN is very different from both the CEH and OSCP, and that having both will not sufficiently prepare you for GPEN. If you do find someone to give you a free GIAC GPEN practice exam, please let us know what you think of the material.

Psyco32

Sorry, but JD is right. Neither of those 2 other certs and their training will prepare you to pass the GPEN. CEH will go over some of the tools (Netcat, Zap, BurpSuite, Nikto) and OSCP has more hands on in the Metasploit area that you will need to know. However I am not sure how much both of them go over Scapy, tcpdump, Nmap, SQL Injection, etc.. I guarantee you will need to know Scapy, tcpdump, and Nmap and how they work. Also needed to know are the ways to on how to conduct yourself for planning and executing a pen test in a business sense. I.E. What forms do you need before conducting a test on a company, scope of the test, end report writing and terminology. Best bet is take the course online or live. If you can't afford it (Most people including me can't) there is always the reduced cost route of becoming a TA during one of their live events.

LionelTeo

You cannot challenge GPEN with CEH. In fact, CEH material is so much closer to GCIH as compare to GPEN. CEH is simply GCIH without the Incident Handling part. While GPEN is CEH without project scoping and how to scan fast within a network. Knowing how to scan is one thing, understanding how to scan fast and effective is another!

GPEN have a huge good section on reporting, project scoping, therefore, you would require a good substantial knowledge for project scoping.

If you would still like to challenge GPEN, I would suggest reading the following books.

The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy: Patrick Engebretson: 9780124116443: Amazon.com: Books
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide: Lee Allen: 9781849517744: Amazon.com: Books
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition): Edward Skoudis, Tom Liston: 9780131481046: Amazon.com: Books *this book is by the course author ed skoudis mainly for GCIH.
Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab: Thomas Wilhelm: 9781597499934: Amazon.com: Books Note: This book is totally useless for technical knowledge but this is the ultimate for project scoping, which is important for penetration testing
Additional: Legal law for common countries: USA/UK/SG/Japan/Germany

For OSCP, I recommend the following material
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide: Lee Allen: 9781849517744: Amazon.com: Books *similar format to OSCP
Metasploit: The Penetration Tester's Guide: David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni: 9781593272883: Amazon.com: Books
Hacking: The Art of Exploitation, 2nd Edition: Jon Erickson: 9781593271442: Amazon.com: Books *Note: This is really very tough, but people use it for good reference for OSCP.
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers: TJ O'Connor: 9781597499576: Amazon.com: Books *Written by a GSE,OCSE holder
Nmap 6: Network exploration and security auditing Cookbook: Calderon Pale Paulino: 9781849517485: Amazon.com: Books

Additional Time:
The Shellcoder's Handbook: Discovering and Exploiting Security Holes: Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte: 9780470080238: Amazon.com: Books

In fact: After reading all these books, you could probably challenge GXPN as well.

A good progression for CEH/Penetration Tester path would be

CEH -> GCIH -> GPEN -> OSCP -> GXPN -> OCSE

impelse

Thanks for your reply, I am checking the books at Safari Books online. I have a subscription there.