September 21, 2009 at 1:36 pm #4280
I finally got to the point where I’m ready to take the next step as far as my certifications are concerned and I need your help. I am trying to decide between taking the GPEN or OSCP, which do you all think is better? I am looking for the certification that will give me the most knowledge and be the most fun to complete. Money is not a concern, so I’m just looking for a quick poll. Personally, I would like to do both but I don’t know if I can swing that. Anyhow, please comment if you have either of these certs or both.
September 21, 2009 at 2:12 pm #27132 vijay2 Participant
As I have done both,
I feel GPEN is a very comprehensive Pen Test Course because it deals with more than just popping boxes. It has almost a day of coverage on Business and legal aspects of Pen Testing. It’s very hands-on and has a lot of subtle tips and tricks for using the most common tools.
OSCP is very technical and hands on and requires a lot of prior knowledge on networking, BoFs and theoretical knowledge on the concepts.
In my humble opinion OSCP is a great extension to GPEN.
P.S – Just a disclaimer that I am a SANS Mentor.
September 21, 2009 at 2:16 pm #27133 apollo Participant
Both certs are packed with good information. The answer to your question revolves around what you want to learn. Everything from SANS has a business take to it. GPEN is focused on making sure that you are covered, that you follow good processes, and also it has some great skills for the actual process. It covers all the goodies with enumeration etc in an environment where if you have questions you have a direct person to ask about it. It isn’t as deep as the OSCP, but if you are interested in making sure that your practices are good etc, then it’s a good place to start. I had fun in the class but the steps to pen testing and business elements are a focus the whole way.
OSCP covers enumeration, exploit writing, and popping boxes. There’s tons of good stuff in there, and it’s pretty much all skills and techniques with little focus on the business stuff like ensuring that you have a project scoped etc. It goes more in depth into enumeration and exploitation, even walking you through creating your own exploit. The courses are in video and PDF format, and there isn’t just one person who is accountable for questions, but there are a number of venues for asking. If you are looking for a class that is fun from start to end, then this class is definitely fun. The only thing is, this class is what you make of it because of how it is delivered. You have the ability to pick up tons of skills if you don’t already have them, but it isn’t as spoon fed as GPEN is.
All in all, they both cover different material, and taking both of them wouldn’t be a bad plan if you can at some point. The question is what you want to focus on first. If you are just starting and want some additional hand holding, go GPEN first. If you are already strong with Linux and have some background with pen testing or security, then OSCP is a lot of fun.
September 21, 2009 at 2:52 pm #27134
Thanks for your responses!
I think at this point I will try my best to take both courses starting with GPEN. That way I get the proper format of a pentest, the business reasons, and everything else like that from GPEN and I learn the 1337 techniques from OSCP.
On another note, which cert do you think has more industry recognition? Also, what does the GPEN certification test actually entail?
September 21, 2009 at 2:56 pm #27135 Jhaddix Participant
Ryan has a great comparison there.
In my opinion GPEN is the way to start. They place a high priority on the whole process instead of just the technical parts. They also realize that popping boxes isn’t the sole means into systems, where OSCP focuses on exploitation (mostly). I would def take the OSCP after the GPEN if I were starting from scratch though.
The GPEN cert also has more merit at the moment and includes a CTF day exercise. The GPEN is a written test where OSCP is a practical CTF.
September 21, 2009 at 3:01 pm #27136 vijay2 Participant
You are very welcome 🙂
As far as the industry recognition goes, you would get more calls if you have GPEN on your resume. Only the very 1337 in the security industry know and recognize OSCP.
GPEN exam is an open book 150 multiple choice questions exam. More info can be found at
OSCP is an all practical 24 hour exam.
September 21, 2009 at 5:34 pm #27137
Thanks again for the information everyone. I think I am going to try to see if I can first for the GPEN then the OSCP. Since both of these certs/courses seem like a decent amount of fun as well as high quality that would seem to be the best route. Even if I have to foot the bill for the OSCP myself I think it would be worth it. My main objective here is to learn as much as possible so I think both would be best. ;D