|
EH-Net
|
|
May 21, 2013, 10:34:14 PM
|
|
526
|
Ethical Hacking Discussions and Related Certifications / GPEN - GIAC Certified Penetration Tester / Re: Hallelujah! I passed GPEN with 87% :-)
|
on: May 28, 2011, 01:03:02 PM
|
Congratz Hayabusa and MaXe!!!
When I passed it last November, they were very quick at sending my emails to become a SANS mentor. But they said you need to own two SANS certifications before you can become a mentor. So let me know guys if you receive an email from them...
Thanks H1t M0nk3y! They were very quick with me as well, I wonder if it's an auto-mail if you pass with 85% or above? I received 2, one in common and another for EMEA (since I live in Europe). I didn't read anything about you need two SANS or GIAC certifications, but maybe they'll reply back to me with that info not written anywhere. I'll try to remember to inform you what the reply was, so far I'm close to waiting 10 business days (which is the handling time they wrote it would take). I'm patient anyway.
527
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Questionnaire for Pen Test.
|
on: May 28, 2011, 10:00:36 AM
|
Some questions I like to ask include:
- What is my target?
- What systems are in scope?
- What systems are off limits?
- When can I test?
- When must I never test?
- What tools and techniques can I use (or not use, e.g. DDOS, social engineering, physical, etc)?
- Who is my PoC for the test?
- Is the test announced?
- Where can I test from? (internal, DMZ port, internet remote site, etc)
I completely agree that you should ask these questions first, when defining the scope.
528
|
Ethical Hacking Discussions and Related Certifications / GPEN - GIAC Certified Penetration Tester / Re: Hallelujah! I passed GPEN with 87% :-)
|
on: May 26, 2011, 04:38:13 PM
|
Congrats, MaXe! Went ahead and took my freebie (from both CEH v7 and OSCP in the last year) GPEN exam, this morning, and passed, too. Just under 2 hours (1:54), with an 85%. So now there's 2 of us, in the past week!
Edit - BTW, without giving the questions out / away... Did you have a couple that you felt were ALL incorrect answers? I had one, and because I felt they were ALL wrong, I intentionally just picked the MOST incorrect one, anyway... I actually, supposedly, got that one right... Needless to say, I commented in the survey, afterward, about that one, and a couple of others.
Thanks hayabusa! Congratulations with the 85%, you'll receive a mail from SANS most likely as well about becoming a mentor, if you passed with that score or above, but the bummer is that you have to find students yourself I heard.
With some of the questions, I felt that more than one could possibly be correct, so I got in doubt, and chose the one that I believed GIAC would think was correct. Then it appeared to be most likely the one I initially would've picked. It was mostly some of the non-technical questions that can easily be misunderstood due to there's so many different terminologies imho, but I like my passing score.
I commented also about the very application specific questions, informing them that not all pentesters use this particular program, some use others as this other program may have more features, be more reliable, or simply just be more efficient and simple than the other.
Congrats to you also, hayabusa! Pretty awesome knowing the knowledge level of the user-base here (and willingness to share experience and help out). I finally have a place to go to search/ask my questions!
I think that is one of the reasons most of us are here, the user-base.
529
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Questionnaire for Pen Test.
|
on: May 26, 2011, 03:41:04 PM
|
I require a formal questionnaire which would be provided to the client used for penetration test.
If no one is having it how about if some of you guys list up some of questions which you might ask considering the fact that pen test is of network + web app.
Take a look at the OSSTMM pentest framework, or the PTES framework. If there's absolutely nothing within these.. These are some questions I might ask, to make my life easier as a Penetration Tester:
- Where is the Web App hosted? In-house or outsourced?
- Which operating system is hosting the Web App?
- What kind of possible virtualization is being used on the Web App server?
- Are you using any known CMS's and similar Web Apps, or are you using custom coded applications or a mix?
- What type of database are you using, if any?
- Which server-side language is used on the Web App server? (PHP? ASP?)
- Are you using a well known webserver, if yes, which? If not, coded in-house or via 3rd party?
- Any particular modules / add-ons you have installed on your webserver?
- Is it possible for me / us to obtain a copy of the code you host on your webserver, so we can review it for vulnerabilities?
These are of course technical questions. You might ask these questions as well:
- Are there any critical web applications, we should avoid using dangerous attacks on?
- Is there a mirrored backup server, for us to test the web application(s)?
Well, there's a lot more and these are just some of my contributions. About networks in short: Topology, Switches, Routers, Protocols, etc.
Good luck, I hope some of these questions were useful even though you should use those you believe are the right ones to use.
530
|
Ethical Hacking Discussions and Related Certifications / Programming / Re: What language should I learn first?
|
on: May 26, 2011, 12:12:46 PM
|
Can anyone recommend any good books for C and C++??
if($option == 'C') { $x = 'C'; } else { $x = 'C++'; }
// OR perhaps like this:
$x = ($option == 'C') ? 'C' : 'C++';
// It's been a few months since I used one-liner if-conditions but it should work (Note: That's PHP syntax I used.)
echo 'Search for this on Google: Learn '. $x .' in 21 days or similar.';
It isn't the most user-friendly guide, and there are real books as well. Try: C Primer Plus or C++ Primer Plus, if that is what you want to learn. Enjoy!
534
|
Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH exam review
|
on: May 24, 2011, 11:34:49 AM
|
@MaXe I would agree with that. I definitely feel like I can attack a target using tools and compromise a host. What I need to learn is how best to bypass defenses and how to perform a pentest.
How to bypass defenses the best way, is not something GPEN will teach you nor many other certifications. OSCE (actually CTP) can show you the door including handle, but it is only a part of it you see. OSCP (PWB) will show you the base of the door, and the surface of it. To see it all, and walk through it, OSCP and OSCE can help you, but I am not aware of any certificate that goes to such a level that you describe. By defense in this case I'm describing, I mean all kinds of defenses. (e.g., 802.11 / WiFi, Physical Security (Social Engineering?), Logical / Virtual Security (Protocols and Programs mainly), and all that lies in between.)
Writing a good report (this is also a part of the pentest), is something OSSTMM and GPEN (actually the associated SANS course, at a very basic level) can help you with. There was a very nice article in the May Issue of the PenTest Magazine about writing articles, with some very nice jokes as well on how not to do it. I just wish it was free so I could share it with you.
Performing a good pentest, this is something not only GPEN (and probably CEH too) but also OSCP and OSCE can help you with. GPEN is not very much hands-on, mostly theoretical while OSCP and OSCE are big-time hands-on and very practical courses, but you probably already know that. Even CISSP can contribute to becoming a better PenTester but this certificate alone, is not a guarantee imho. (These are just humble opinions.)
537
|
Ethical Hacking Discussions and Related Certifications / Programming / Re: What language should I learn first?
|
on: May 23, 2011, 09:18:50 AM
|
This is how I would classify each area within InfoSec associated with languages:
- Web Application Security: PHP or ASP(x), additionally: HTML, CSS, JavaScript. (And other web technologies perhaps.)
- Buffer Overflows: Python is good for starters, if you don't like this, try Ruby or Perl.
- Code Review of Programs: C, C++, or perhaps even C# depending on the programs you're going to review. I'd suggest C and then C++, but that is just my humble opinion.
- Linux Automation: Bash (generally good for various tasks during pentesting.)
- Shellcoding: Assembly (IA32 for starters.) Check http://www.projectshellcode.com/
For most web application languages: w3schools
Python: There's so many resources and books about this, ask in IRC.
539
|
Ethical Hacking Discussions and Related Certifications / GPEN - GIAC Certified Penetration Tester / Re: Hallelujah! I passed GPEN with 87% :-)
|
on: May 23, 2011, 08:56:32 AM
|
Congrats MaXe! impressive score for sure, any new developments/plans yet?
Thanks j0rDy! If I had trusted my own opinions more, (I was thinking in "GIAC terms" on occasion), I probably would've scored a little bit higher. But it was a nice score that I found acceptable. Nothing new currently, well, besides a few projects, etc. but that is not related to this certification.
Maxe,
Congrats. I am giving some serious thought to taking it. I presume you self-studied? Can you provide info on referenced material/books?
n1p
Thanks n1p! If you want the easiest way I'd go with a self-study course of SANS SEC560, but the OSCP course with perhaps OSWP, general knowledge, laws in e.g., UK, USA, Japan, Singapore, Germany and perhaps a few other countries will do much good. (Don't forget ethics, terminology, how a report is written, and other topics like these.) It is possible to pass without any knowledge of laws, but it will probably be right on the edge.
If you read The Penetration Testers Open Source Toolkit vol. 2, NIST SP800-42, skim through ISSAF, know about OSSTMM, have a good idea of the ethics and terminology of a penetration test, and have a good base knowledge within Web Application Security, Post-Exploitation, Buffer Overflows, commands in linux and windows (post-exploitation), reconnaissance, information gathering, exploits in general, password attacks, and wireless attacks, then you're good to go.
I wrote a few more things here as well: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,7071.msg38351/#msg38351
In short: "Jack of all Trades" (no speciality), or "Know most of the common attacks, defenses and information / technology related to these", this is your baseline for passing GPEN. Without having studied (at all), I got a score of 77% during a practice test. (enough to pass.) I failed primarily on laws, because they were not related to either Denmark or Sweden at all. Some of the terminology was a bit rusty on my part as well, but all it took was some dedication.
Congrats Maxe!! I was also wondering how it compared to the OSCE exam. A lot of people here seem to have the GPEN so it must be very informative and a good certification to have.
Thanks Agoonie! Oh it can't be compared to OSCE at all! GPEN is a good baseline certificate, but it does not give you the hardcore hands-on experience that OSCE or for that sake even OSCP does. I haven't taken CEH yet, but I think it may be somewhat related to GPEN. Another certificate I've seen from GIAC was GSEC, it looks similar to CISSP. (I haven't done these either.) It was nice in many ways, to obtain my second certification though.