Passed GPEN Yesterday!

Took the 560 course in Bethesda last month, and rushed to take the exam before the end of the year. Passed with a 94%, which felt pretty good. Definitely think the practice exams were quite a bit easier than the real exam, but I also think I got bombarded by password attacks and powershell stuff on the real test, stuff I was less prepared for. Overall, there's quite a bit of overlap between GCIH and GPEN, but the tools are less broad and a bit deeper. But getting the GPEN done means I managed to knock out 3 SANS certs in 12 months, so not a bad result.

Now I've gotta figure out what to hit in 2018. I'll be doing the 542 course in April, so between now and then I'm thinking of focusing solely on the eLearnSecurity course that I've barely touched. I'd like to aim for the OSCP track towards the end of the year, but I also have to pick an elective (GMOB, GPYC, GAWN, GXPN) to attend next fall. Open to any suggestions/feedback!

Find more posts tagged with

Comments

TechGromit

Congratulations. Seriously someone stop this guy, he's making the rest of us look bad.

nisti2

Wow thats a great goal! Congratulation!

JoJoCal19

Congrats on the pass!

averageguy72

Congrats!

Info_Sec_Wannabe

3 SANS certs within 12 months!??! A big congratulations to you!

YuckTheFankees

Congrats!

Randy_Randerson

globalenjoi wrote: »

Took the 560 course in Bethesda last month, and rushed to take the exam before the end of the year. Passed with a 94%, which felt pretty good. Definitely think the practice exams were quite a bit easier than the real exam, but I also think I got bombarded by password attacks and powershell stuff on the real test, stuff I was less prepared for. Overall, there's quite a bit of overlap between GCIH and GPEN, but the tools are less broad and a bit deeper. But getting the GPEN done means I managed to knock out 3 SANS certs in 12 months, so not a bad result.

Now I've gotta figure out what to hit in 2018. I'll be doing the 542 course in April, so between now and then I'm thinking of focusing solely on the eLearnSecurity course that I've barely touched. I'd like to aim for the OSCP track towards the end of the year, but I also have to pick an elective (GMOB, GPYC, GAWN, GXPN) to attend next fall. Open to any suggestions/feedback!

Congrats on the pass! If you are looking at those electives, let me give you some insight as I have a few of those certs:

GMOB - Only take this if you really plan on hitting Android phones hard and doing pen testing against apps. It is a super fun course though!

GAWN - Probably my favorite security class. Day 1 and 2 are packet heavy but then after that you are breaking stuff every day and all day. Very relevant to today's environments: both home and business

GXPN - If you thought GPEN was easy, this course will be humble you. Lots of network manipulation and smashing the Stack in both Windows and Linux. Fun course, but it made my eyes heavy

GPYC - Haven't taken the cert, but a fun class if you're a python nerd like me. For the most part, it is just a structured programming course though imo.

globalenjoi

Thanks all! Felt pretty good, but then I got confirmation that I kind of screwed myself... Took the test early, which ended the graduate "class" early, which resulted in an amendment in my GI Bill claim. It means I save some time on my GI Bill, but also shorted myself out of around ~$3,000 housing allowance I think. Not the end of the world, but worth keeping in mind for the future, as I've been using the housing chunks to pay for additional training where I can!

Randy_Randerson wrote: »

Congrats on the pass! If you are looking at those electives, let me give you some insight as I have a few of those certs:

GMOB - Only take this if you really plan on hitting Android phones hard and doing pen testing against apps. It is a super fun course though!

GAWN - Probably my favorite security class. Day 1 and 2 are packet heavy but then after that you are breaking stuff every day and all day. Very relevant to today's environments: both home and business

GXPN - If you thought GPEN was easy, this course will be humble you. Lots of network manipulation and smashing the Stack in both Windows and Linux. Fun course, but it made my eyes heavy

GPYC - Haven't taken the cert, but a fun class if you're a python nerd like me. For the most part, it is just a structured programming course though imo.

I appreciate the info! None of them really fit my current role, so it's a tough pick. I felt pretty comfortable with most of the GPEN content, but I've heard there's a decent gap between it and GXPN. I've got the pentest course from eLearnSecurity to work on for the moment, but I'm wondering if I'll be prepared enough by this fall for the GXPN course. I had planned to start the PWK course and prep for the OSCP towards the end of the year as well, but again, I'm not sure when I should start that with regards to my current knowledge/skill level.

GirlyGirl

globalenjoi wrote: »

Thanks all! Felt pretty good, but then I got confirmation that I kind of screwed myself... Took the test early, which ended the graduate "class" early, which resulted in an amendment in my GI Bill claim. It means I save some time on my GI Bill, but also shorted myself out of around ~$3,000 housing allowance I think. Not the end of the world, but worth keeping in mind for the future, as I've been using the housing chunks to pay for additional training where I can!

This has been talked about on the forums in the past.

Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

JoJoCal19

GirlyGirl wrote: »

This has been talked about on the forums in the past.

Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

From what I remember, you can if you take them as part of either the Grad Certificate or the Master's degree.

globalenjoi

GirlyGirl wrote: »

This has been talked about on the forums in the past.

Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

Yeah, I opted to do one of the Graduate Certificates through SANS Technology Institute, as it has lower entry requirements for someone new to the field like me. Started with the Core Engineering cert, but switched after the GCIH over to the Pen Testing cert. As far as I know, it's the only way to use the GI Bill to pay for a cert training like that.

Randy_Randerson

GirlyGirl wrote: »

This has been talked about on the forums in the past.

Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??

Yes, you do their graduate program through SANS Technical Institute (STI). Regionally/Nationally accredited.

Randy_Randerson

globalenjoi wrote: »

I appreciate the info! None of them really fit my current role, so it's a tough pick. I felt pretty comfortable with most of the GPEN content, but I've heard there's a decent gap between it and GXPN. I've got the pentest course from eLearnSecurity to work on for the moment, but I'm wondering if I'll be prepared enough by this fall for the GXPN course. I had planned to start the PWK course and prep for the OSCP towards the end of the year as well, but again, I'm not sure when I should start that with regards to my current knowledge/skill level.

I think you'll be fine with GXPN by then. Just keep your head in the game and by the time you get into it, you'll kick its rear. The big thing I can tell you is there is very little, basically none, on any phase OTHER than exploitation and post-exploitation. If you want to learn to how to do it all yourself instead of Metasploit: it will definitely be for you

tito9955

Hi globalenjoi,
Could you please share with us your study plan i have exam in March thank you.

globalenjoi

Randy_Randerson wrote: »

I think you'll be fine with GXPN by then. Just keep your head in the game and by the time you get into it, you'll kick its rear. The big thing I can tell you is there is very little, basically none, on any phase OTHER than exploitation and post-exploitation. If you want to learn to how to do it all yourself instead of Metasploit: it will definitely be for you

I actually thought about making a separate post about this very subject: exploitation without Metasploit. I know the OSCP limits the use of the tool, but everything I've studied on so far has relied pretty heavily on the use of Metasploit. I definitely don't have a good understanding of crafting exploits, and I don't really know where to begin. This makes me think I may lean more towards the GXPN if it'll give me the edge on the OSCP.

tito9955 wrote: »

Hi globalenjoi,
Could you please share with us your study plan i have exam in March thank you.

To be honest, I wouldn't say I studied a bunch. The key for me was building the index. My book index was about 6-7 pages, pretty mild, but it was the re-reading through the content that helped a lot of stuff stick in my head. Then, I went and made separate little **** sheets for different tools. I made a Powershell sheet, a Windows CLI sheet, I made my own Netcat and Nmap **** sheets as well. Just typing them up helped me remember a ton, and then helped on the test as well.

Also, I had already been prepping for a web app security position prior to the exam, so I was more than comfortable with the entire web app section. The time I spent working with OWASP BWA and Juice Shop was very beneficial to everything web app.

Randy_Randerson

globalenjoi wrote: »

I actually thought about making a separate post about this very subject: exploitation without Metasploit. I know the OSCP limits the use of the tool, but everything I've studied on so far has relied pretty heavily on the use of Metasploit. I definitely don't have a good understanding of crafting exploits, and I don't really know where to begin. This makes me think I may lean more towards the GXPN if it'll give me the edge on the OSCP.

Thankfully the code is pretty generic you'll learn as their SEC760 course is the bread and butter to actually crafting your own based on old exploits they teach you in the class. But 660 you'll get meat and potatoes on how to do the basic type stuff and get it to run properly on Linux and Windows respectively. You'll dive deep in ASLR and DEP as well. Things that will certainly help not only with OSCP but OSCE as well. Honestly, just keep at it this year and you'll be fine by your timeline. Also, get to know and love Ettercap and Bettercap.

fabostrong

As far as the GI Bill paying for this, don't you have to have a bachelor's degree, even if it's just the certificate program you're signing up for and not the masters? If that's the case, I'll pay for WGU out of pocket and use the rest of my GI bill to get SANS certs since WGU is significantly cheaper and I'm planning on only having to do one term.

globalenjoi

fabostrong wrote: »

As far as the GI Bill paying for this, don't you have to have a bachelor's degree, even if it's just the certificate program you're signing up for and not the masters? If that's the case, I'll pay for WGU out of pocket and use the rest of my GI bill to get SANS certs since WGU is significantly cheaper and I'm planning on only having to do one term.

Yeah, this was my thought process as well. I had been looking at grad programs, and while WGU seemed fine, I realized I would get more for the money by using the GI Bill on the SANS graduate cert. I'm new to security, but I'm fairly sure that 4 SANS courses/certs is more valuable than a WGU grad degree, at least right now in my career.

fabostrong

globalenjoi wrote: »

Yeah, this was my thought process as well. I had been looking at grad programs, and while WGU seemed fine, I realized I would get more for the money by using the GI Bill on the SANS graduate cert. I'm new to security, but I'm fairly sure that 4 SANS courses/certs is more valuable than a WGU grad degree, at least right now in my career.

I agree but from what it says on the sans site, I'm pretty sure you have to have a bachelor's degree already. That's what I'm trying to find out for sure.