2 GPEN exams to give away

PozziePozzie Member Posts: 13 ■□□□□□□□□□
They expire on July 24th, 2013 12:43 UTC

Message me if you want one.


  • PozziePozzie Member Posts: 13 ■□□□□□□□□□
    I have one remaining for any takers?
  • PozziePozzie Member Posts: 13 ■□□□□□□□□□
    OK all gone now subject to receiving a SANS ID from a taker.
  • PozziePozzie Member Posts: 13 ■□□□□□□□□□
    Both exams now reassigned folks!!
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I'm assuming you recently passed the exam. How was your experience with it? I just signed up a test date for it and apparently sitting the newer three-hour version.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • PozziePozzie Member Posts: 13 ■□□□□□□□□□
    Hi, yes I recently passed the exam having studied using the OnDemand route. I did the 3 hour format with 115 questions.

    Overall I found the exam to be technically harder than the GCIH as it was much more focused on the specific usage of covered tools like Zap Proxy, Scapy, THC Hydra, Metasploit, Nessus, John the Ripper, Cain and utilisation of Windows Command Line techniques etc. A fair proportion of the questions were screen cap based and really required you to have used these tools in some depth (more than just whizzing through the labs) in order to return a prompt response and avoid getting into time difficulties. However there was an interesting run of screen cap DNS orientated questions for example where I feel the correct answers could only have come from having real-life experience as I do not believe that the material and training exercises really examined DNS protection and vulnerability at an adequate depth.

    In my opinion the GPEN affords far less focus on netcat usage and broader scanning techniques than the GCIH, much more on vulnerability assessment, exploitation, and pivoting which makes sense given the GCIH and GPEN are related. There was some material on the OnDemand training modules that was not included in my hardcopy training manuals like Volume Shadow Copy Service re AD password attacks so I had to reconcile the missing gaps in the lead up to the exam.

    I felt the wireless and web security content in the courseware/exam was at the same level of difficulty as the GCIH. This also makes sense to me given the existence of SANS 542/GWAPT and the SEC617/GAWN options.

    In summary I felt the course/exam was much more product/tool orientated although it did mirror the GCIH in including coverage of governance considerations and overarching process/methodology.

    Hope the above helps...
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    Great review, thank you.
  • PozziePozzie Member Posts: 13 ■□□□□□□□□□
    Thanks for the feedback/appreciation.
  • billyc123billyc123 Member Posts: 8 ■□□□□□□□□□
    Hi Pozzie,

    If you have any GIAC exam in future, please no hestitate to contact me...
    Many thanks
Sign In or Register to comment.