+ Reply to Thread
Results 1 to 7 of 7

Thread: Passed GPEN

  1. Senior Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    116

    Certifications
    OSCP, OSWP, GPEN, CEHv9, eJPT, A+, Security+, Linux+, CySA+, LPIC-1, CCENT, Linux Essentials
    #1

    Default Passed GPEN

    Welp finally took the exam today and passed with an 82. Woohoo! It is definitely not an easy exam and while I didn't score the highest, I'm glad I studied as much as I did and brought in my notes and such. I have to say that even though this is a written exam, it does stand it's own against eCPPT and OSCP. I've attempted all three exams (work got in the way of the eCPPT try) and while OSCP is definitely the most challenging, they all really test you on your knowledge. I feel like people have made the comparison before, but I felt OSCP made me a better hacker but GPEN made me a better penetration tester. All have different approaches and styles of teaching but really drive home the concepts (unlike the good ole CEH).

    For those that are interested here's my quick take on all the exams.

    GPEN - Really teaches you the methodology and approaches to various situations while also covering the entirety of conducting a penetration test. Doesn't go very deep on web applications or actual exploitation (Focused on metasploit) but does a good job of covering reconnaissance and post exploitation. FOCUS: Methodology, Preparation and Reporting

    OSCP - Much more into the exploitation of systems, as well as basic exploit development. I definitely learned more spending time in the labs then from any other resources out there. Exam is mainly difficult because of the time crunch. FOCUS: Hands on exploitation and sufferance

    eCPPT - great combination of material, seems like an slightly less OSCP sprinkled with GPEN stuff. Labs are different then OSCP, you can run through them or have a walkthrough guide show you how to do them, I prefer this method but you may not learn as much as trying harder for the OSCP. I felt they could of done a better job with the buffer overflow lab. Exam is much more relaxed then OSCP since you have 7 days in the environment and 7 for the report. FOCUS: pivoting through network and REPORTING (huge in the exam)

    eJPT - This should be the replacement for CEH. The course is a great introduction and gets you doing hands on exercises. The exam is great since your not thrown into a full out pen test like it's big brother eCPPT or OSCP, but instead your put in an environment where you have to hack into the machines to find information and flags in order to answer questions. I love this format and definitely HIGHLY RECOMMEND this course/exam for anyone even slightly interested in security (offense or defense). FOCUS: methodology and basic exploitation and reconnaissance

    CEH - Felt like Security+ about pen testing tools. Not a very difficult exam, but felt boring because it's 125 questions. I wouldn't recommend getting this unless it's for a specific job requirement. FOCUS: Attack types and tools

    My recommendation for beginner to a wannabe pen tester (me) cert path if you have no limit on funds:
    Security+ -> CEH -> eJPT -> GPEN -> eCPPT -> OSCP

    This is just my opinion but it's more or less the path I'll be taking since I haven't passed OSCP or eCPPT yet. Once I get back from this deployment I'll be back at it and hopefully knock them out sooner rather then later. Considering going for eLearnSecurity's new PTX afterwards. I would love to learn red team/threat emulation tactics as opposed to more exploit development stuff with OSCE/GXPN.
    Reply With Quote Quote  

  2. SS
  3. Senior Member
    Join Date
    Nov 2016
    Posts
    196

    Certifications
    CISSP, CISM, CCSP, CCSK, CASP, CEH, SEC+, NET+, A+, AWS CSAA, AWS CDA
    #2
    Congrats!
    Reply With Quote Quote  

  4. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,524

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #3
    Congrats on the pass!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, BSBA - UF, MSISA - WGU
    Currently Working On: MS Cybersecurity, AWS Certified Security - Specialty, Learning Linux & Python
    Next Up:​ AWS Certified Solutions Architect - Associate
    Reading:​ A Cloud Guru, Code Academy
    Reply With Quote Quote  

  5. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Posts
    952

    Certifications
    A+, Network+,Security+, DECA-ISM v2, MCP, MTAx2 , CCENT, CCNA R&S,C|EH,C|HFI,Linux+,LPIC-1,E|CSS,E|CES,GPEN,OSWP,Server+,LPT,GCIH,E|CIH,E|CSA
    #4
    Congrats bro! What's next for 2018?
    2018: E|CSP,CISSP,CCNA-Security,CSA+,eCRE.CAST 611,CWNA,GWAPT,GNFA,GXPN,JNCIA,WCNA
    2019: CCSK,eLearnSecurity courses,VCP-NV
    2020: LPIC-2
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Oct 2017
    Location
    Asia
    Posts
    132

    Certifications
    CASP, CRISC, CISA, CISM (application pending)
    #5
    Congratulations! Thanks for the review and info!
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Nov 2017
    Posts
    20

    Certifications
    Certified PC Pro, MTA 98-367 Security Fundamentals
    #6
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Aug 2016
    Posts
    8
    #7
    Congrats... and thanks for the comparison... guess I'm doing OSCP next
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks