This offer has been available for a few months. I'm not too sure when they're going to cut it. What's great about it is it can be also used if you want to buy exam vouchers. I used it to purchase 2 Practice and 1 Proctored Test for GPEN, it dropped the price down to about $749 if I recall correctly. Also do not forget about their 25% off deal until 10/26 below (Assuming you can pay early):

http://www.sans.org/online-security-training/specials.php

This is an excellent deal, I'm definitely considering it. I purchased the GPEN exam, it came with 2 Practice Tests, and a Proctored. I've used up my 2 practice tests, making progress on the second one but I'm not feeling confident in regards to the laws and a couple other areas. I am kind of thinking, maybe I should do the OnDemand 504 class - which I believe is purely based online and you can go through the content on your own time? Use the knowledge gathered in that class to obtain the GCIH, and it along with the OSCP course should put me a solid enough position to be able to pass the GPEN exam. What are your thoughts?

p.s - Thanks for the link!

Kris

H1t M0nk3y - Superior response and it makes complete sense. Comparing the rate with how much I was bidding for my services seems like I'm 'low balling' myself here. Definitely open to any other responses if any one has anything else to contribute - although you nailed it dead-on monkey.

Thanks all of you!

Kris

Hello!

Feel free to correct me if I am wrong, I believe at an Enterprise Level penetration testing and contracts are paid a flat rate? To some of the members who pen test in the corporate world, do these tests typically range from x to x depending on what needs to be done, or do various companies contract out penetration testers at a solid hourly rate?

I'm in a situation where I am partaking on a few freelancing websites and there's folks who want this type of work done and have never thought, 'If I had to charge an hourly rate to do this type of work, how much should I charge?'. I saw one contractors profile who has it rate set at $132 an hour, but he's located in the US. Of course I am sure it varies across the board depending on what country your located in. My main question basically is, how much do you think is a minimal hourly rate to set for this type of work? I'm sure based on your experience levels and years in the field it must vary, but if anyone could help, I'm all ears!

Thanks,

Kris

Thanks on the grats guys! I received an e-mail just now with some clarification, they stated the following:


Just wanted to keep everyone up-to-date. When this updates in a couple months, I bet it's going to be even better and modern. Vivek's WLan Security Primer is superb material. I've watched a couple videos from the series.

Kris

@Lorddicranius - That's a good observation. I just re-checked my lab guide and it says v2. I'm pretty sure I have v2 of the course, it's utilizing BackTrack 3, and I think the v1 of the course was using BackTrack 1 or 2. If WiFu v3.0 came out, I'd imagine the material would be on BT4 or even BT5. I'm going to contact them right now and ask!

P.s - Received a quick response from the challenges department regarding my OSWP exam with my official results and I past! (wooh!)

Kris

@Dark_Knight - I'd say it's relevant, the attacks can be easily applied and work successfully. I notice a lot of the networks around me are WPA/WPA2. I think a couple years ago, WEP was more prevalent. They definitely need to update the course. I recall the v1 course was published in 2007, I was expecting to get this version when I signed up but the Lab Guide said it was from 2009 and the course was currently at version 2. A few new attacks have been added to aircrack-ng since then that weren't included in the course because they must not of been around at the time. More tools could've been introduced, but if it was based around the aircrack-ng suite I think they did a good job introducing it. The WPA section was pretty minimal, but it explained what you needed to know in order to crack WPA.

The course videos were sufficient enough to be able to go through and be able to pass the exam with what you've taken out of them.

@chrisj - Definitely have to look into that.

Hello E-H!

Just wanted to keep everyone up-to-date with my progress! I officially was enrolled into OSWP on the 18th, and went through the course within a couple of days. The course isn't nearly as lengthy as PWB. A couple days later I actually sent in challenge request date which happened to be today and I already took my OSWP certification exam. I was able to successfully obtain all the keys and have sent in my results, just awaiting official decision right now.

Had a blast in the class! My aunt loaned me her router, I've had an Alfa card for a couple years now. I had always used point-n-click tools to break into my AP, but now can successfully say I've dabbled in the command-line arts for getting my wifu on. I felt the class really gave a good introduction to the aircrack-ng suite and I may possibly leave a review of it here shortly. Some may think between the amount of time I enrolled versus when I scheduled my exam was pretty quick (less than 1 week of being enrolled in the course), but I actually dedicated a lot of time breaking into my router with various configurations, and wrote down well over 5 pages of notes! It's tons of practice, practice, practice! I definitely picked up on a good amount it makes me wonder how this course stacks up against SANS GAWN course.

Kris

Hey Guys -

I took one of my practice tests last night and didn't end up passing it. I learned what I need to beef up my knowledge on to get a passing score and it turns out my weakness lies in knowing the Laws, Wireless Crypto and Client Attacks, Wireless Fundamentals, and some in-depth knowledge of scanning. I missed a couple other questions in other areas. Since I hadn't been exposed to the WiFi stuff, what I'm going to do right now is sign-up for the OSWP course. It's affordable, will provide me with a solid background in theory and attacks to be able to ace this particular portion of the test, and I'll pick up the certification in the process. Then I plan on studying up on laws and other areas I seem to be weak in.

The positives about the practice tests is at the end of it, your given ranks on each category corresponding to:
http://www.giac.org/certification/penetration-tester-gpen
so you end up knowing where and what you need to study up on. Your actually given 4 months to take your 2 practice tests and schedule your proctored examination, so this should give me a great window for picking up on my weaker areas. I'll keep everyone up-to-date!

Kris

I've decided to kind've combine both of your ideas into one. I've purchased the exam voucher for the GPEN. Apparently it comes with 2 practice tests and the final exam. I'm going to spend time reviewing my OSCP material, and studying some Hacking Laws, plus some of the things Dark_Knight mentioned, then start taking the exams. Taking Sec 660 then 710 sounds like it would definitely prepare me enough to go into CTP very comfortably. Appreciate your responses guys. I'm going to put my head into this material and try one of the practice tests within a week or two.

Cheers,

Kris

Nice. Good response hit monkey, you just confirmed it for me. I didn't know OSCP covered 90% of it. This is good information and has me thinking I wish I would've known that when I did PWB last year. I might as well just go over all of the videos in PWB and just pay for the exam like you mentioned. Exploit Development sounds hard, I personally don't know any ASM but got a good introduction to registers n such in the PWB course. I suppose my path should be: GPEN -> OSCE, obtain CEH maybe in between or after taking CTP. Good information here. It'd just be my luck if my test consisted of nothing but tons of laws and Windows Tools. Thanks!

Hey EthicalHacker,

It's been awhile since I've posted a topic here! I have recently come up on a decent amount of money and I plan on putting it towards my education. I am one of those IT guys caught between Programming and Pentesting; Can't decide which one I love more because I like them both. My ultimate dream is to do development for awhile then move into Penetration Testing (or even alternate in between the two of them). I am posting because I'm in a bit of a bind on where my path lies ahead and I'm wanting some advice on courses I should take.

GPEN looks great to me, I am considering the OnDemand course. I have always wanted to hold a GIAC certification because they're well respected (although pricey). Do any of you have experience taking the OnDemand version of the course? Does the fee include the certification take cost? I noticed the promo code on here which will save me $150.00, so that is great!  On an alternate end, I'm kind of thinking, I hold an OSCP certification. I've heard there's some information overlapping between GPEN and OSCP, is this necessarily true? If it is true, what path would you recommend going down to obtain the GPEN certification? Self Study?

Somewhere in my twisted brain, I kind of feel the desire for pain - I've had my thoughts on considering doing Offensive-Security's CTP course. If I would be able to become OSCE certified I would feel like someone at the top of their pen test game! I am just kind of skeptic whether I have the skills to go in to the lion's den almost blindfolded, and expect not to get bitten. Surely I have endured til the end in my PWB adventure, but I hear CTP is a whole new level of pain. What are your guys thoughts on me considering this?

And then lastly, for some odd reason I feel the need to want to officially fit in. I never thought it would be on my mind, but obtaining the CEH just to stick it on my resume does not sound like a bad thought to me. I am considering online training for all of these, and would like to hear some of your guys experience taking the training for CEH online (or self-study). Is this certification all that it is hyped up to be? I haven't heard many positive experience on folks who have taken v7 on here.

Anyway, I have an open mind, and money to spend, have CEH, OSCE, and GPEN on my mind. I may just say, "Bring them all on", but i wanted to hear your guys thoughts on what I should go after. If you think I should tackle them all, feel free to list off the order!

Hope to hear from you all!

Cheers,

Kris

Hello m0ei,

Welcome to the forums!

I doubt you will get anyone who will willingly trade you their purchased course material at all. Offensive-Security Watermarks their course material (e.g - Accompanying Lab Guide and Course Videos) with the customers personal information (OS-ID, Name, Address, and E-Mail Address). Offensive-Security students who sign-up for the courses agree to accept a ToS Agreement stating that they will not distribute the course material and more. People who distribute or trade this material and Off-Sec finds out about it will instantly get their Certifications revoked (if they have any) as well as possibly legal action sought against them (I do believe this was stated in the contract).

You would be better off saving up and taking the course yourself.

Cheers,

Kris

Having taken both courses I can confirm this! Both are great and fun (:

I completely agree with hayabusa's posts. I think your ready to indulge in the OSCP class - just be sure to purchase enough lab time. They recommend 60 but you'll have so much fun and get more experienced purchasing 90! Give it your all and you'll prevail victorious!

Either will do El33tsamurai. Your actually provided a Custom VM of BT4 with the course containing some extras. The extras being simple stuff like bookmarked links where you can read-up on material, etc.