Ethical Hacker Community Forums

Not sure if anyone else has come across this, but it was posted in the EC-Council portal...


BillV

I wonder what the purpose of this offering is. Are they really just being generous to give free GPEN attempts to CEH holders? Are they hoping that CEH holders will not pass the GPEN? Or are they just trying to figure out some sort of comparison between CEH and GPEN quality?

I'm going with 2 out of 3...and it ain't the first one

p.s. - are we the only ones NOT at BlackHat/DefCon?

Haha, sure would seem like it....

well, us and that other guy who can rename nameless ;)

Off-topic, but did you hear about the French reporters that were kicked out for sniffing traffic? There were two articles I saw, one about the reporters being kicked out and another from the perspective of one of the other reporters that saw them.

Reporters booted for hacking (http://news.yahoo.com/s/ap/20080808/ap_on_hi_te/tec_reporters_hacking_reporters;_ylt=Aisu8i6dP.gU27uUsz_M6E2s0NUE)

Targeted by hackers at my table (http://news.yahoo.com/s/cnet/20080808/tc_cnet/8301100931001115783;_ylt=AhAaV1cmzXt52jYGvgVkE0Cs0NUE)

BillV,

I'll agree with Oneeyedcarmen's analysis. Think it is likely SANs trying to create some nice marketing figures "90% of other certified penetration testers can't pass the qualification...." etc.

I wonder how much access to the course material or time to prepare for the exam they are going to provide? (Or thinking unethically, whether the test engine may get tweaked)

Don't feel too bad about BH/Defcon, I'm stuck in the office too :'(

My guess is they will probably run it just like their "challenge" certificates which means no access to any SANS training material you just have to study what you can find and take the test.  Even at that though it is a heck of a deal because it cost around $ 900.00 to take a SANS test "challenge".

I also agree with RoleReversal and Oneeyedcarmen that this is probably to demonstrate how much more material is covered in the GPEN training compared to the CEH.  I am sure that after taking the test they will ask the participants to write up a review/evaluation comparing the two.

Yeah, I agree.

Looking at the bulletin for GPEN (http://giac.org/certbulletin/gpen.php), there are certainly some things listed there that aren't covered in CEH. In addition, I'm sure that GPEN goes much more in-depth with the topics that are in common.

I'd be surprised to find any CEH holder that hasn't had experience with everything listed in that bulletin though. Maybe they're underestimating just a little too far? I can certainly assume that the SEC-560 course is probably a little better than your standard CEH course, and probably more useful too. I can't say for certain since I have no experience taking it.

I did sign up to take this exam and was accepted. I'll update as I can. Did anyone else sign up?

I signed up and luckily managed to get the last slot.  I will also post what I find out.

For everyone who managed to get in on this I just scheduled my exam and GIAC gives you two free practice tests with the GPEN attempt.  They normally do this with all their challenge exams but with the free attempt I assumed they wouldn't but they surprised me!   ;D

That's pretty sweet!

Hi, this is my first post.

I am a CEH and I`m going to do the GPEN exam (GPEN - CEH Challenge), any of oyu knows where I can find ebooks or something to prepare for this certification???

Thanks!

Yeah, you can use two things:

Certification Bulletin (http://www.giac.org/certbulletin/gpen.php)
And as previously stated, the practice tests

The bulletin pretty much tells you what you will need to know for the test. Use it as a prep-guide and then once you've scheduled the exam, use the practice tests.

BillV

I managed to pass the GPEN exam this morning!  Woot!  I am very excited especially since I work night shift and usually get up at 2:00 PM but had to get up at 9:00 AM to test so I am overdosed on caffeine right now!  Once I stop jittering from the excessive coffee I will post some of the insights I got from the exam.

Well done & looking forward to your insights.

Don

Congrats on the pass, definitely looking forward to the review!

Here is the general impression I got from the GPEN exam.  First off I want to say the GPEN exam was much better then the CEH exam.  Let me explain quickly why I say that.  After I got done and while I was taking the CEH exam I kept seeing questions in which I disagreed with the 'correct' answer.  I knew which answer the EC-Council wanted but there were at least 10-15 questions that I believe (and usually the CEH course ware backed me up on this) didn't have a correct answer.  That really annoyed me.  The GPEN didn't have anything like that even the questions I got wrong, and there were quite a few :(, I could see why I was wrong.  OK, enough of that rant. 

The next thing I want to say about this exam (and I presume the class also) is it is much more focused then CEH.  I know I keep comparing to CEH and I am not meaning to disparage it but most people on this forum are familiar with it so it is an easy comparison.  Instead of going over all of the available tools it picks on the most popular/best tools in the trade and goes into how to use those tools to achieve the best results.  I was also very happy and impressed that a lot of pentesting methodology information came up.  This made even the exam seem a lot more professional and less of a 'hacker' cert.  Probably the biggest surprise I received taking the test was the difficulty of the exam.  I was honestly scared to death of this test.  With all the top level names that are attached to the class and with the high level of technical content that the class is stressing I figured the exam was going to be "Ed Skoudis Genius Level Hard".  Which is way above me :D.  I was pleasantly surprised to find out that while it was highly technical it wasn't beyond what a typical experienced pentester would know. 

That's about all I have.  I will mention the practice tests were great and while they weren't the actual test questions they gave you a good feel for what to expect.  I do want to caveat the above review with the fact that I didn't take the SAN training, even though I really wanted to, so I have no idea what that is like this is strictly my impression of the exam/practice test.  I highly recommend this exam or training for any CEH or pentester.

What you have just explained is the ECSA/LPT equivalent.  If you go through the bootcamp that EC-Council offers for ECSA/LPT, you would be suprised at how much different it is than C|EH.  It is more focused on Pen Testing, the Methodolgy, etc.

The C|EH course was not intended to make you a Pen Tester.  It was setup to teach you about all the tools.  It was a baby step to lead to ECSA/LPT.

I sit for my ECSA exam in 2 days.  I just went through the ECSA bootcamp.  You really can't compare C|EH to GPEN.  You could compare EC-Council's ECSA/LPT to GPEN though.

Anyway, really glad you enjoyed the class and courseware on it.