GCIH or GPEN - What's the difference in the courses?

f0rgiv3nf0rgiv3n Connection OverlordMember Posts: 598 ■■■■□□□□□□
I'm looking to take some training this year and am looking at either "Hacker techniques and incident handling" or "Network penetration testing".

Has anyone taken both of these courses and could describe either one? I'm looking for a more detailed course and low level instead of high level.


  • cyberguyprcyberguypr Senior Member Mod Posts: 6,915 Mod
    I can only speak for GCIH. This course is all about defense and countermeasures. Format is basically an explanation of the incident handling process phase by phase. For each one, popular exploit tools and techniques used by the bad guys are presented, along with "been there done that" techniques to defend against them.

    To provide a concrete example, the Scanning phase touches on the following concepts/tools/defenses:
    - War dialing (THC-Scan, Warvox): scan yourself, kill modems if possible, use crypto if modems are required
    - Wireless (Netstumbler, Wellenreiter, Kismet) : use IDs, AirMagnet, avoid TKIP + IKE
    - NMAP scans: kill services + unused ports, IDS signatures, use lsof or netstat

    There are selected labs for each section. But since there's a lot of material crammed in the course, there's not much depth in the covered topics. Dorice covered that here.

    I think it depends what direction you want to go. If going Red Team, GPEN fits the bill. If going Blue, GCIH make more sense.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    GPEN - more on project scoping, reporting, methodology, enumerating and scanning fast, pivoting
    GCIH - a generatic overview of all attacks and more on incident handling.

    A portion of knowledge is somewhat related around the same concept even though they are cover slightly differently.
  • G.HaydukeG.Hayduke Member Posts: 13 ■□□□□□□□□□
    I decided to go for the GPEN instead of the GCIH because I wanted to focus more on the offensive side. However, I think GCIH is a more known and somehow "marketable" cert. I've yet to see job postings asking specifically for SEC560 or GPEN certified professionals. But if you want to focus only on pentesting, I think you should definitely go for the GPEN. The material is really good and hands on.

    I also traded my extra GPEN practice test for a GCIH test and I passed it knowing mostly the GPEN material. It repeats itself in a lot of domains and most of what is not on the GPEN course is easy to grasp (incident handling methodology and basics on forensics comes to mind).
Sign In or Register to comment.