GIAC Certified Penetration Tester (GPEN)

[GAngel]

I've just gotten access to the On-Demand portion of the training which i'll start on sunday. So i'm just making a thread to post my experience and thoughts on the course. I'll start from how to apply for facilitator to the week course november 23-28 and then writing and hopefully passing the exam before feburary 23rd 2010.

Stay tuned seems like alot of info.

[GAngel]

You apply for the SANS workstudy program under the training/workstudy section of the website. It asks about your goals for doing the program, where you are in your career currently and where you want your career to go.

Reasons for doing the workstudy are on the website so i won't go into them besides that it's $700 for a course including certification that normally costs $3500. You have to fill out an application for each event you'd like to facilitate at and in my case SANS got back to me within 10 days.

Acceptance into the course is through email. You must fax back the acceptance letter by a certain date and then follow the other instructions for signing up to facilitate.

You are expected to review all the information prior to the course as you are working to provide a better program not only for yourself but the other students as well. I won't go into detail what's all included in the training but by the quick overview there is plenty of hands on and a huge amount of information.

[GAngel]

I couldn't wait to go through some of the material so I'm listening to one of the lessons by ed skoudis and in it he talks about Encrypting File System (EFS).

He says its really aweful. "It's shockingly bad and you could make a really strong argument its worse than nothing."

Why because the crypto key is protected (in most environments) with just the users password for the OS.
You can dump the password hash and crack it or pass the hash.

Another problem is if you drag a file into the EFS drive it encrypts it and leaves a clear text copy in the original file system spot. It doesn't properly wipe.

[dynamik]

The material is fascinating, and Ed's just freaking awesome in general. I'm going to hit up his webcasts as soon as I get a chance.

This one is definitely on my to-do list. I can't believe there's currently < 700 (and I work with three of them).

I'd love to do the GSE eventually; there's only 16 of those!

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

[JDMurray]

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

Have you seen the stack of course material required for the GSEC? The information in just the first manual alone puts the GSEC's difficulty way ahead of the Security+. I'd love to sit in a GSEC workshop, but the instructor is required to present the material at such a break-neck speed that I'd probably not end up retaining much of the information.

[dynamik]

Have you seen the stack of course material required for the GSEC?

Yep, it's within 5ft of me at the moment. I've paged through about half of it. MCSE:S took care of the Microsoft stuff, and pretty much everything else has been review...

[GAngel]

The material is fascinating, and Ed's just freaking awesome in general. I'm going to hit up his webcasts as soon as I get a chance.

This one is definitely on my to-do list. I can't believe there's currently < 700 (and I work with three of them).

I'd love to do the GSE eventually; there's only 16 of those!

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

If i had a year off and 20k it would be at the top of my list.

[unsupported]

Too bad the GSEC's a prereq for that. I emailed and asked if I could substitute something else for that and they said no. That seems like kind of a waste to me since it's basically just a Security+ on steroids. Oh well...

GSEC is not a requirement for GSE anymore! I am on the GIAC Advisory board and they just announced the changes. The prerequisites are changed to allow the substitution of other upper level SANS course for the gold requirement and it also allows the removal of the GSEC. Check it out at, GIAC Security Expert (GSE). This is what it boils down to:

GSE Pre-requisites (updated 10-12-2009):

GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold.

GSEC pre-requisite is unique because of dual windows and unix coverage.
Substitution options:

1. GCWN & GCUX combined can act as a substitute for GSEC
2. Higher level certifications can act as substitutes for gold papers examples: GCFA, GCFW, GCUX, GCWN, GCED, GPEN, GWAPT, GAWN, GREM

GSE pre-requisite list (including substitution options):

(A) GSEC, GCIH, GCIA with two gold
(B) GSEC, GCIH, GCIA with one gold and one substitute
(C) GSEC, GCIH, GCIA with no gold and two substitutes
(D) GCWN, GCUX, GCIH, GCIA with one gold
(E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

I've been toying with the GSE, but I'm too busy with school. I hope this helps.

[GAngel]

GSEC is not a requirement for GSE anymore! I am on the GIAC Advisory board and they just announced the changes. The prerequisites are changed to allow the substitution of other upper level SANS course for the gold requirement and it also allows the removal of the GSEC. Check it out at, GIAC Security Expert (GSE). This is what it boils down to:

GSE Pre-requisites (updated 10-12-2009):

GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold.

GSEC pre-requisite is unique because of dual windows and unix coverage.
Substitution options:

1. GCWN & GCUX combined can act as a substitute for GSEC
2. Higher level certifications can act as substitutes for gold papers examples: GCFA, GCFW, GCUX, GCWN, GCED, GPEN, GWAPT, GAWN, GREM

GSE pre-requisite list (including substitution options):

(A) GSEC, GCIH, GCIA with two gold
(B) GSEC, GCIH, GCIA with one gold and one substitute
(C) GSEC, GCIH, GCIA with no gold and two substitutes
(D) GCWN, GCUX, GCIH, GCIA with one gold
(E) GCWN, GCUX, GCIH, GCIA with no gold and one substitute

I've been toying with the GSE, but I'm too busy with school. I hope this helps.

I was actually looking over the updates with dynamic and quite frankly it may as well be unless someone wants to do it at twice the cost to get GCWN & GCUX you must hold GSEC. The only things the other exams really do is substitute gold papers which once again would come at a huge cost dis-advantage as opposed to doing the papers.

The economical way to do it for someone who is paying for it themself is option A.

[dynamik]

It was funny, I actually emailed them on the 12th and bitched about GSEC being a requirement

Yea, I'm not going to take advantage of the substitution since it's twice as much money for those two. However, it is nice to be able to substitute the GPEN and GCFW for the two gold papers (when I theoretically get them in the future).

[Paul Boz]

I was hoping that the GCFW would sub for the GSEC but that not being the case I don't really see the GSE in my future. I'm not interested enough in Windows and Unix security to spend $3500 on the courses and I feel doubly that way about the GSEC. I know that the GCFW counts as a gold paper but I'm intending on writing a paper for the GCFW anyway. Ho hum.

[dynamik]

So do GSEC, GCFW + Paper, GCIH, and GCIA. You can challenge the GSEC for $900.

[GAngel]

So do GSEC, GCFW + Paper, GCIH, and GCIA. You can challenge the GSEC for $900.

$900 for a security++ exam

Just got an email from SANS they have a new cyber guardian program that looks fantastic.
About the Program

SANS' Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, or other government agencies whose role includes securing systems, reconnaissance, counterterrorism and counter hacks. These teams will be the cyber security special forces where each individual's role makes the team successful.

What a CISSP should really be i'd wager not a one off test:
Program Prerequisites

• A minimum of 5 years of experience in information security
• Outstanding performance reviews from commanders/managers
• Recommendations from commanders/managers and peers
• Completion of the GIAC Security Essentials Certification (GSEC) exam with a score of 80 or above or hold a CISSP certification

Exams you write are GSEC,GCIA,GCFA and GPEN + GSE

[veritas_libertas]

$900 for a security++ exam

Just got an email from SANS they have a new cyber guardian program that looks fantastic.
About the Program

SANS' Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, or other government agencies whose role includes securing systems, reconnaissance, counterterrorism and counter hacks. These teams will be the cyber security special forces where each individual's role makes the team successful.

What a CISSP should really be i'd wager not a one off test:
Program Prerequisites

• A minimum of 5 years of experience in information security
• Outstanding performance reviews from commanders/managers
• Recommendations from commanders/managers and peers
• Completion of the GIAC Security Essentials Certification (GSEC) exam with a score of 80 or above or hold a CISSP certification

Exams you write are GSEC,GCIA,GCFA and GPEN + GSE

SANS Cyber Guardian Program

[dynamik]

$900 for a security++ exam

We share that sentiment, believe me...

[JDMurray]

And having "GSEC" on your resume doesn't do much for you, unless you are a DoD contractor or are teaching the GSEC class.

[GAngel]

I finally started getting into the ondemand material. Only 2 weeks left until the class. On the last 2 parts of section one which I'll finish tonight. Been nothing but a refresher so far which is good expect section two to be more hands on. Very good advice for the industry far more than I expected.

[GAngel]

I downloaded freebsd and fedora 11 last night and spent it doing the linux brush up section in the course. (this part alone is probably worth the money for the course) I'll probably have to do it 5-10 more times to really get back into things but i'm enjoying it. I'm just over 30% of the way through the on demand and it's been nothing but quality so far.

Only 10 days till the class now so accelerating the learning curve a bit. Hope to be at 70% by the end of the weekend.

[GAngel]

Another little tidbit I picked up is that nmap,nessus,snort all are programmed in a language called lua

[dynamik]

I thought Lua was used to script those, not that they were programmed in them.

And I believe Nessus uses NASL, not Lua. Lua is also supported by Wireshark.

[GAngel]

I thought Lua was used to script those, not that they were programmed in them.

And I believe Nessus uses NASL, not Lua. Lua is also supported by Wireshark.

woops wrong word script is correct. You can create scripts to run in all three using lua. Yes to wireshark. My brain is a total mess between taking that god aweful buckley's and being at this for the last 5 hrs.

[JDMurray]

Lua is a freely-available scripting language that first found wide use in the computer gaming world, where it got noticed by the Hack-ish community as a good alternative to PythonScript, or inventing your own ad hoc scripting language. Commercial companies have also adopted Lua as a way to a way to configure and extend their products (Adobe Lightroom is suppose to be around 40% Lua). There are a couple of good books about Lua too.

[GAngel]

I've finally had a chance to update this. It's been a whirlwind week.

It was GPEN with bootcamp so it went from 9-7 on most days. We covered everything from writing the report to using rainbow tables.
The course was thought by Rick Smith one of the GSE's and he's a smart cookie. He took the time to answer everyone's questions throughout the course. The capture the flag on the last day is challenging. Do-able if you have the time to sit and think about it but we all ran out of time in our groups though one team got extremely close.

There was a mix of security pro's there from all across eastern canada so lots of good networking went on.

As for being a facilitator the main duties were helping set up the lap, cabling, network. Getting everyone checked in and all there stuff assigned to them on day one. Collecting the evaluations and tallying them daily and generally answering questions and making sure everyone was ok. Very good trade off for what I learned.

I did learn you can buy the sans coursebooks usually available at one of the big conferences. We had a couple of extra books and it was being sold to us if we wanted to give it to others we knew if they wanted to challenge the exam.

Once i get the email to take the exam I'll schedule it for about 2 weeks time and in the meantime I'm going over all of it again.

[dynamik]

I did learn you can buy the sans coursebooks usually available at one of the big conferences. We had a couple of extra books and it was being sold to us if we wanted to give it to others we knew if they wanted to challenge the exam.

Really? You can only buy them at the conferences? How much are they? I might run out to the New Orleans one (if I don't get selected for work-study) and pick some up.

[GAngel]

Really? You can only buy them at the conferences? How much are they? I might run out to the New Orleans one (if I don't get selected for work-study) and pick some up.

Messaged as I don't know if that's official policy only what we got told.