+ Reply to Thread
Results 1 to 20 of 20
  1. Senior Member
    Join Date
    Feb 2016
    Location
    OKC
    Posts
    100

    Certifications
    A+ CE, Security+ CE, GSEC, GCIH, GPEN
    #1

    Default Passed GPEN Yesterday!

    Took the 560 course in Bethesda last month, and rushed to take the exam before the end of the year. Passed with a 94%, which felt pretty good. Definitely think the practice exams were quite a bit easier than the real exam, but I also think I got bombarded by password attacks and powershell stuff on the real test, stuff I was less prepared for. Overall, there's quite a bit of overlap between GCIH and GPEN, but the tools are less broad and a bit deeper. But getting the GPEN done means I managed to knock out 3 SANS certs in 12 months, so not a bad result.

    Now I've gotta figure out what to hit in 2018. I'll be doing the 542 course in April, so between now and then I'm thinking of focusing solely on the eLearnSecurity course that I've barely touched. I'd like to aim for the OSCP track towards the end of the year, but I also have to pick an elective (GMOB, GPYC, GAWN, GXPN) to attend next fall. Open to any suggestions/feedback!
    Reply With Quote Quote  

  2. SS
  3. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,560

    Certifications
    A+, Network +, GSEC, GCIH, GREM, Lunatic+
    #2
    Congratulations. Seriously someone stop this guy, he's making the rest of us look bad.
    Still searching for the corner in a round room.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Feb 2014
    Posts
    351

    Certifications
    MS in Security Information, Sec+,A+, Server+, Network+, Certified Network Defense Profesional (CNDP), Certified Cybercrime Forensic Investigator
    #3
    Wow thats a great goal! Congratulation!
    2018 Year goals:
    CCNA Cyber Ops - Cohort 5 [Passed SecFnd, going for SecOps]
    CCENT-CCNA [loading..]
    "They say my dream is to big, I say they think to small" Brad Sugars
    Reply With Quote Quote  

  5. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,524

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #4
    Congrats on the pass!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, BSBA - UF, MSISA - WGU
    Currently Working On: MS Cybersecurity, AWS Certified Security - Specialty, Learning Linux & Python
    Next Up:​ AWS Certified Solutions Architect - Associate
    Reading:​ A Cloud Guru, Code Academy
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Nov 2016
    Posts
    196

    Certifications
    CISSP, CISM, CCSP, CCSK, CASP, CEH, SEC+, NET+, A+, AWS CSAA, AWS CDA
    #5
    Congrats!
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Oct 2017
    Location
    Asia
    Posts
    132

    Certifications
    CASP, CRISC, CISA, CISM (application pending)
    #6
    3 SANS certs within 12 months!??! A big congratulations to you!
    Reply With Quote Quote  

  8. Senior Member YuckTheFankees's Avatar
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,255

    Certifications
    A few..
    #7
    Congrats!
    Reply With Quote Quote  

  9. Member
    Join Date
    Sep 2017
    Posts
    41
    #8
    Quote Originally Posted by globalenjoi View Post
    Took the 560 course in Bethesda last month, and rushed to take the exam before the end of the year. Passed with a 94%, which felt pretty good. Definitely think the practice exams were quite a bit easier than the real exam, but I also think I got bombarded by password attacks and powershell stuff on the real test, stuff I was less prepared for. Overall, there's quite a bit of overlap between GCIH and GPEN, but the tools are less broad and a bit deeper. But getting the GPEN done means I managed to knock out 3 SANS certs in 12 months, so not a bad result.

    Now I've gotta figure out what to hit in 2018. I'll be doing the 542 course in April, so between now and then I'm thinking of focusing solely on the eLearnSecurity course that I've barely touched. I'd like to aim for the OSCP track towards the end of the year, but I also have to pick an elective (GMOB, GPYC, GAWN, GXPN) to attend next fall. Open to any suggestions/feedback!
    Congrats on the pass! If you are looking at those electives, let me give you some insight as I have a few of those certs:

    GMOB - Only take this if you really plan on hitting Android phones hard and doing pen testing against apps. It is a super fun course though!

    GAWN - Probably my favorite security class. Day 1 and 2 are packet heavy but then after that you are breaking stuff every day and all day. Very relevant to today's environments: both home and business

    GXPN - If you thought GPEN was easy, this course will be humble you. Lots of network manipulation and smashing the Stack in both Windows and Linux. Fun course, but it made my eyes heavy

    GPYC - Haven't taken the cert, but a fun class if you're a python nerd like me. For the most part, it is just a structured programming course though imo.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Feb 2016
    Location
    OKC
    Posts
    100

    Certifications
    A+ CE, Security+ CE, GSEC, GCIH, GPEN
    #9
    Thanks all! Felt pretty good, but then I got confirmation that I kind of screwed myself... Took the test early, which ended the graduate "class" early, which resulted in an amendment in my GI Bill claim. It means I save some time on my GI Bill, but also shorted myself out of around ~$3,000 housing allowance I think. Not the end of the world, but worth keeping in mind for the future, as I've been using the housing chunks to pay for additional training where I can!

    Quote Originally Posted by Randy_Randerson View Post
    Congrats on the pass! If you are looking at those electives, let me give you some insight as I have a few of those certs:

    GMOB - Only take this if you really plan on hitting Android phones hard and doing pen testing against apps. It is a super fun course though!

    GAWN - Probably my favorite security class. Day 1 and 2 are packet heavy but then after that you are breaking stuff every day and all day. Very relevant to today's environments: both home and business

    GXPN - If you thought GPEN was easy, this course will be humble you. Lots of network manipulation and smashing the Stack in both Windows and Linux. Fun course, but it made my eyes heavy

    GPYC - Haven't taken the cert, but a fun class if you're a python nerd like me. For the most part, it is just a structured programming course though imo.
    I appreciate the info! None of them really fit my current role, so it's a tough pick. I felt pretty comfortable with most of the GPEN content, but I've heard there's a decent gap between it and GXPN. I've got the pentest course from eLearnSecurity to work on for the moment, but I'm wondering if I'll be prepared enough by this fall for the GXPN course. I had planned to start the PWK course and prep for the OSCP towards the end of the year as well, but again, I'm not sure when I should start that with regards to my current knowledge/skill level.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Feb 2016
    Posts
    211
    #10
    Quote Originally Posted by globalenjoi View Post
    Thanks all! Felt pretty good, but then I got confirmation that I kind of screwed myself... Took the test early, which ended the graduate "class" early, which resulted in an amendment in my GI Bill claim. It means I save some time on my GI Bill, but also shorted myself out of around ~$3,000 housing allowance I think. Not the end of the world, but worth keeping in mind for the future, as I've been using the housing chunks to pay for additional training where I can!
    This has been talked about on the forums in the past.

    Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??
    Reply With Quote Quote  

  12. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,524

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #11
    Quote Originally Posted by GirlyGirl View Post
    This has been talked about on the forums in the past.

    Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??
    From what I remember, you can if you take them as part of either the Grad Certificate or the Master's degree.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, BSBA - UF, MSISA - WGU
    Currently Working On: MS Cybersecurity, AWS Certified Security - Specialty, Learning Linux & Python
    Next Up:​ AWS Certified Solutions Architect - Associate
    Reading:​ A Cloud Guru, Code Academy
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    Feb 2016
    Location
    OKC
    Posts
    100

    Certifications
    A+ CE, Security+ CE, GSEC, GCIH, GPEN
    #12
    Quote Originally Posted by GirlyGirl View Post
    This has been talked about on the forums in the past.

    Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??
    Yeah, I opted to do one of the Graduate Certificates through SANS Technology Institute, as it has lower entry requirements for someone new to the field like me. Started with the Core Engineering cert, but switched after the GCIH over to the Pen Testing cert. As far as I know, it's the only way to use the GI Bill to pay for a cert training like that.
    Reply With Quote Quote  

  14. Member
    Join Date
    Sep 2017
    Posts
    41
    #13
    Quote Originally Posted by GirlyGirl View Post
    This has been talked about on the forums in the past.

    Long story short....You are basically saying you can use GI Bill/Post 911 to pay for SANS courses??..??..??
    Yes, you do their graduate program through SANS Technical Institute (STI). Regionally/Nationally accredited.
    Reply With Quote Quote  

  15. Member
    Join Date
    Sep 2017
    Posts
    41
    #14
    Quote Originally Posted by globalenjoi View Post
    I appreciate the info! None of them really fit my current role, so it's a tough pick. I felt pretty comfortable with most of the GPEN content, but I've heard there's a decent gap between it and GXPN. I've got the pentest course from eLearnSecurity to work on for the moment, but I'm wondering if I'll be prepared enough by this fall for the GXPN course. I had planned to start the PWK course and prep for the OSCP towards the end of the year as well, but again, I'm not sure when I should start that with regards to my current knowledge/skill level.
    I think you'll be fine with GXPN by then. Just keep your head in the game and by the time you get into it, you'll kick its rear. The big thing I can tell you is there is very little, basically none, on any phase OTHER than exploitation and post-exploitation. If you want to learn to how to do it all yourself instead of Metasploit: it will definitely be for you
    Reply With Quote Quote  

  16. Junior Member Registered Member
    Join Date
    Jan 2018
    Posts
    1
    #15
    Hi globalenjoi,
    Could you please share with us your study plan i have exam in March thank you.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Feb 2016
    Location
    OKC
    Posts
    100

    Certifications
    A+ CE, Security+ CE, GSEC, GCIH, GPEN
    #16
    Quote Originally Posted by Randy_Randerson View Post
    I think you'll be fine with GXPN by then. Just keep your head in the game and by the time you get into it, you'll kick its rear. The big thing I can tell you is there is very little, basically none, on any phase OTHER than exploitation and post-exploitation. If you want to learn to how to do it all yourself instead of Metasploit: it will definitely be for you
    I actually thought about making a separate post about this very subject: exploitation without Metasploit. I know the OSCP limits the use of the tool, but everything I've studied on so far has relied pretty heavily on the use of Metasploit. I definitely don't have a good understanding of crafting exploits, and I don't really know where to begin. This makes me think I may lean more towards the GXPN if it'll give me the edge on the OSCP.

    Quote Originally Posted by tito9955 View Post
    Hi globalenjoi,
    Could you please share with us your study plan i have exam in March thank you.
    To be honest, I wouldn't say I studied a bunch. The key for me was building the index. My book index was about 6-7 pages, pretty mild, but it was the re-reading through the content that helped a lot of stuff stick in my head. Then, I went and made separate little cheat sheets for different tools. I made a Powershell sheet, a Windows CLI sheet, I made my own Netcat and Nmap cheat sheets as well. Just typing them up helped me remember a ton, and then helped on the test as well.

    Also, I had already been prepping for a web app security position prior to the exam, so I was more than comfortable with the entire web app section. The time I spent working with OWASP BWA and Juice Shop was very beneficial to everything web app.
    Reply With Quote Quote  

  18. Member
    Join Date
    Sep 2017
    Posts
    41
    #17
    Quote Originally Posted by globalenjoi View Post
    I actually thought about making a separate post about this very subject: exploitation without Metasploit. I know the OSCP limits the use of the tool, but everything I've studied on so far has relied pretty heavily on the use of Metasploit. I definitely don't have a good understanding of crafting exploits, and I don't really know where to begin. This makes me think I may lean more towards the GXPN if it'll give me the edge on the OSCP.
    Thankfully the code is pretty generic you'll learn as their SEC760 course is the bread and butter to actually crafting your own based on old exploits they teach you in the class. But 660 you'll get meat and potatoes on how to do the basic type stuff and get it to run properly on Linux and Windows respectively. You'll dive deep in ASLR and DEP as well. Things that will certainly help not only with OSCP but OSCE as well. Honestly, just keep at it this year and you'll be fine by your timeline. Also, get to know and love Ettercap and Bettercap.
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Oct 2015
    Posts
    193

    Certifications
    GCIH, C|EH, MCSA Windows 10
    #18
    As far as the GI Bill paying for this, don't you have to have a bachelor's degree, even if it's just the certificate program you're signing up for and not the masters? If that's the case, I'll pay for WGU out of pocket and use the rest of my GI bill to get SANS certs since WGU is significantly cheaper and I'm planning on only having to do one term.
    Last edited by fabostrong; 01-18-2018 at 02:19 PM.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Feb 2016
    Location
    OKC
    Posts
    100

    Certifications
    A+ CE, Security+ CE, GSEC, GCIH, GPEN
    #19
    Quote Originally Posted by fabostrong View Post
    As far as the GI Bill paying for this, don't you have to have a bachelor's degree, even if it's just the certificate program you're signing up for and not the masters? If that's the case, I'll pay for WGU out of pocket and use the rest of my GI bill to get SANS certs since WGU is significantly cheaper and I'm planning on only having to do one term.
    Yeah, this was my thought process as well. I had been looking at grad programs, and while WGU seemed fine, I realized I would get more for the money by using the GI Bill on the SANS graduate cert. I'm new to security, but I'm fairly sure that 4 SANS courses/certs is more valuable than a WGU grad degree, at least right now in my career.
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Oct 2015
    Posts
    193

    Certifications
    GCIH, C|EH, MCSA Windows 10
    #20
    Quote Originally Posted by globalenjoi View Post
    Yeah, this was my thought process as well. I had been looking at grad programs, and while WGU seemed fine, I realized I would get more for the money by using the GI Bill on the SANS graduate cert. I'm new to security, but I'm fairly sure that 4 SANS courses/certs is more valuable than a WGU grad degree, at least right now in my career.
    I agree but from what it says on the sans site, I'm pretty sure you have to have a bachelor's degree already. That's what I'm trying to find out for sure.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks