GPEN vs OSCP?

scenicroutescenicroute Member Posts: 56 ■■□□□□□□□□
Anyone done both, and if so, how do they compare to each other?

Comments

  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    I don't have both... but if work pay for it go for GPEN it is more prestigious and expensive. OSCP is cheaper and more affordable to pay on your own pocket. If my memory don't play trick with me, GPEN is more traditionnal exam with multiple choice answer and it is open book. OSCP exam is a 24h pentesting challenge.

    My work won't pay for GPEN, too expensive, but I would love to do any SANS course specially GPEN. I applied for work-study.. so I am waiting for my lucky number...

    So it all depend on who pay :)
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    SANS training will give you high quality material with best practices and hands on labs.

    OSCP will give you basic information but expect to do a lot of hunting for information. It's much more geared towards experienced or hard headed people because you really have to keep moving and "try harder".

    Ideally if you can, I would go through GPEN first to get a solid base. I've been through OSCP and SANS courses (not GPEN though) and I prefer the traditional approach to learn a new subject followed by advanced studies.
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    I've done both, you'll learn a LOT more from OSCP. GPEN can give you a decent base if you're not already familiar with what a pentest is, some of the tools they cover, etc. and it is a traditional method of teaching. The OSCP like others have mentioned doesn't involve a lot of teaching and hand holding, but it covers a lot more topics.

    The big difference between the two is that GPEN is instruction and theory based. OSCP is lab based. GPEN will tell you how a port scanner works. tell you what all of the switches in Nmap do, situations where you might want to use one instead of another. OSCP will have you write a very basic port scanner, then make you use portscanners over and over again on a variety of different boxes, sometimes pivoting through other systems in various ways. You'll learn (the hard way) that when pivoting through the MSF SOCKS proxy you have to use a full connect scan, and only TCP connections are supported, etc. etc.
  • scenicroutescenicroute Member Posts: 56 ■■□□□□□□□□
    Thanks for replies. I was looking at GPEN course prices last night: $6000. Not sure how anyone affords that or what company would pay that much for employee training. OSCP is definitely more affordable.
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    You would be surprised. My first year at this company we had an unlimited training budget, only requirement was to stay for a year after passing whichever cert test. I hesitated to use it while others were taking 3-4 SANS courses. I regret that now. The merger the company was under completed at now we're capped at 5250/year, can't even get one SANS course.
  • scenicroutescenicroute Member Posts: 56 ■■□□□□□□□□
    BlackBeret wrote: »
    You would be surprised. My first year at this company we had an unlimited training budget, only requirement was to stay for a year after passing whichever cert test. I hesitated to use it while others were taking 3-4 SANS courses.

    Wow, that's a nice deal.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    I was looking at GPEN course prices last night: $6000. Not sure how anyone affords that or what company would pay that much for employee training.

    Mostly Government and companies with deep pockets. I'll be taking my third SANS training course in two years, We were told earlier this year that were now limited to one SANS course every two years, but for some reason they added money to the training budget this year to encourage people to get training. So I'm taking advantage of it.
    Still searching for the corner in a round room.
  • _nessie__nessie_ Member Posts: 39 ■■■□□□□□□□
    Thanks for replies. I was looking at GPEN course prices last night: $6000. Not sure how anyone affords that or what company would pay that much for employee training. OSCP is definitely more affordable.
    Work-study / facilitating might be your answer ..
    At least, that was the route I took ..
    https://www.sans.org/work-study

    It's still a matter of a bit of luck to get selected, but it's worth a try ..
    You get the course material, you get on-demand, will receive 2 test-exams as anybody else and the voucher for the exam .. certainly take a peek at the price ..
    Agreed, you need to work for it, but you certainly will get an interesting experience in return :D
Sign In or Register to comment.