Here is the general impression I got from the GPEN exam.  First off I want to say the GPEN exam was much better then the CEH exam.  Let me explain quickly why I say that.  After I got done and while I was taking the CEH exam I kept seeing questions in which I disagreed with the 'correct' answer.  I knew which answer the EC-Council wanted but there were at least 10-15 questions that I believe (and usually the CEH course ware backed me up on this) didn't have a correct answer.  That really annoyed me.  The GPEN didn't have anything like that even the questions I got wrong, and there were quite a few , I could see why I was wrong.  OK, enough of that rant. 

The next thing I want to say about this exam (and I presume the class also) is it is much more focused then CEH.  I know I keep comparing to CEH and I am not meaning to disparage it but most people on this forum are familiar with it so it is an easy comparison.  Instead of going over all of the available tools it picks on the most popular/best tools in the trade and goes into how to use those tools to achieve the best results.  I was also very happy and impressed that a lot of pentesting methodology information came up.  This made even the exam seem a lot more professional and less of a 'hacker' cert.  Probably the biggest surprise I received taking the test was the difficulty of the exam.  I was honestly scared to death of this test.  With all the top level names that are attached to the class and with the high level of technical content that the class is stressing I figured the exam was going to be "Ed Skoudis Genius Level Hard".  Which is way above me .  I was pleasantly surprised to find out that while it was highly technical it wasn't beyond what a typical experienced pentester would know. 

That's about all I have.  I will mention the practice tests were great and while they weren't the actual test questions they gave you a good feel for what to expect.  I do want to caveat the above review with the fact that I didn't take the SAN training, even though I really wanted to, so I have no idea what that is like this is strictly my impression of the exam/practice test.  I highly recommend this exam or training for any CEH or pentester.

Hiro,

That's actually a good list of the main topics for the exam.  I remember lots of nmap questions.  ICMP codes, common port numbers and there associated service, DNS zone transfer questions, basics of buffer overflows and SQL injection, TCP flags and which nmap scans use which flags that is a lot of the major stuff I remember.  Some of it is starting to fade.   Again Good Luck!

I managed to pass the GPEN exam this morning!  Woot!  I am very excited especially since I work night shift and usually get up at 2:00 PM but had to get up at 9:00 AM to test so I am overdosed on caffeine right now!  Once I stop jittering from the excessive coffee I will post some of the insights I got from the exam.

I already registered and put a reminder in my calendar these look like they are going to be great.  I can't wait!   I wouldn't miss this for a room full of strippers.





.... well maybe for a room full of strippers but not much else 

I think if you have adequately studied the official courseware and study guide along with attempting practice questions you will have no problem with the CEH exam.  I empathize with you having anxiety over taking an exam of this magnitude but I do agree that obtaining actual test question to study is cheating.  While studying the actual test questions may help relieve your anxiety over taking the test I think you will find that you probably don't really need those questions to pass.  I can give you a quick hint about the best way to get the actual test questions though (and it's even legit  ) go take the test!  I mean really how much do you pay for a testking packet, fifty bucks?  Shoot the test only costs $250  and they give you all the questions!  If you fail the first time, which I think isn't as likely as you fear, then retest.  Then you have already seen a huge amount of actual test questions.  Well I hope  my little advice helps and Good Luck with the exam when you actually do take it.  Let us now how it goes.   

If you do want to start learning Linux probably your best bet for now since you admitted you weren't very tech savvy would be to get a Linux distro that you can boot from a CD.  That way you can play as much as you want and get familiar with Linux and never have to worry about damaging anything {well unless you get really unlucky  }.  If you mess something up all you have to do is reboot and start again.  I would suggest you go with the Ubuntu distro and burn the ISO onto a CD.  You should be able to find lots of information via google to help you do this.  If you still can't figure it out your friend may be able to help you.  Or just ask here most people of this site are very friendly and will be willing to help you out.

Wow perfect timing my company is about to start a big project to evaluate our Citrix setup!  I'll let you know how it works out.  Thanks!

http://adeona.cs.washington.edu/


I haven't used this software but it looks good and seems to be exactly what you need.

Congrats Vijay!  Thanks for the review.  I am taking the test Sept 30th, Challenge, so every little bit of information helps.

End Of The World As We Know It (And I feel Fine)
http://www.youtube.com/watch?v=cGqroT1FZ5Y


I say "Fire it up!"     

Here is a good website to take a look at for USB hacking information and programs.

http://www.usbhacks.com/category/tools/

Other then not using Myspace not really.

 

If you were using Netcat as an administrative tool this wouldn't be a problem because you could exclude Netcat from the AV.

If you can't take the heat stay out of the kitchen!

 

I sure wouldn't want to gamble with 14 years of my life to make a few quick bucks.  That guy would have really been screwed if the judge was having a bad morning and was pissed off.  He could have easily been in prison long enough that by the time he got out George Lucas would be making the 10th Indiana Jones... "Indiana Jones and the Lost Wheelchair".