Hi everyone,

Most of you will remember that I wrote a post not so long ago that was called "Why I FAILED OSCP" http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6315.msg33820/topicseen,1/

But here is a better one: How I PASSED GPEN!!!

It's gonna be quite short: I studied OSCP like crazy then I registered for the GIAC Certified Penetration Tester exam. I tried the first practice exam (it comes with two, like all GIAC exams) just to see where I was. I got 79% without studying! So I went on and read about US, Canadian and UK laws, look at the most popular hacking tools in Windows (Cain and the others), tried a few "pass the hash" attacks. Two weeks after, I wrote the exam and got 89% !!!

Ok, I am not braging right now. I was just astonished that by doing the OSCP course, I would be ready for GPEN in less than 3 weeks with minimal study. And the GPEN exam was in no way easy, but when you have manually done multiple times 85% of the content of GPEN, you are off for a good start!!

So I am happy because I know I am not a complete waste!! But I am also happy that I didn't have to pay almost $5000 for the SANS course to get ready for GPEN. Although I would have love to take it, my budget is happy I didn't... 

So the next one will be CISSP, just to help me get contracts and learn more about "the other stuff" that we, pen testers, don't have to deal with everyday. I will tackle OSCP again next year...
 

Congrats on passing the GPEN. As time goes on, you will see there is a huge amount of overlap in most certifications.  *sigh* Personal *I* don't know what to study for anymore. This GREM is throwing a wrench in my wheels. My GREM via VLive begins Jan 17th or so which means, I have one month of downtime Me and boreDumb don't mix. I wanted to do the CREA in the meantime, but I'd have to wait like 2-3 weeks for material, purchase orders to be signed, etc., which would place me doing dual studies: GREM and CREA.

Anyway, aside from this, I'm at serious odds of what to do as a whole. My options: Focus heavily on forensics and take the ACE (Access Data) + EnCE certs... But I don't want to be bound into a vendor cert. I could opt to take the GFCA once I'm done with with the GREM and that would make me highly focused on forensics which I find interesting, but boring and at times political.

I *could* go back and focus on labs by getting back into CCIE studies, but that would be long, frustrating and isolate me into a Cisco only world. Same goes for JNC*anything even though I see more Juniper than I care to.

I could go for the OCSE, but I don't feel like it would suit me from a financial perspective. While the OSCP was fun, the reality is, its not as known as others. I could also opt for the OPSA/OPST exams, but then I'd have to wait until ISECOM brought their training back this way. So... Forensics, Pentesting, Networking... I guess I could knock the RHCE or SCSA out of the way who knows. Where the heck is dynamik when I need a swift kicking.

In the meantime, I'm still awaiting the results of my thesis for the RWSP. I wonder if I should take the class a step further and social engineer my results into a positive one

@ H1t M0nk3y

Contgrats Give it about 6 months, you'll schedule the OSCP again and smash it.

@ Sil If you've got down time and haven't played with it, do WiFu. 30 days, as long as you have the equipment, is more than enough time for OSWP.

Congratulations, that's awesome man I'm happy for you!

Thanks everyone for your nice comments!

@sil: Try hard to take a break for a month. You will see, it's hard but but sometime, it's useful to have a life... 

I am joking but I have a hard time taking time of too!