.

SANS GPEN Self-Study alternative ?

<<

veselin

User avatar

Newbie
Newbie

Posts: 2

Joined: Sun Apr 11, 2010 7:16 am

Post Sun Apr 11, 2010 2:26 pm

SANS GPEN Self-Study alternative ?

Hello ehackers,
I've become quite interested in Pen Testing lately.

I've got a couple of questions on the topic. Any advice greatly appreciated:

- I hold no GIAC certification at present, would you say going straight for GPEN is
  an adequate/realistic choice?
  I appreciate that taking GSEC/GCIH first would be very helpful.

- Is there any sort of an alternative to the official SANS GPEN SelfStudy material
  (books, ebooks, tutorials ) ?
  Something to get me started until I source funding for a SANS boot-camp.

Thank you.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Apr 11, 2010 3:17 pm

Re: SANS GPEN Self-Study alternative ?

I think your current experience/skills/knowledge is much more important than whether or not you have other GIAC certifications.

The candidate bulletin covers what will be on the exam. http://www.giac.org/certbulletin/gpen.php

That's pretty high-level, but you also get two practice exams when you sign up for a challenge, and those can provide additional guidance for what you need to delve further into.

The CEH and OSCP material helped a lot, as well as various books on pen testing and ethical hacking. Hacking Exposed, Open Source Penetration Testers Toolkit, Professional Penetration Testing (haven't read it myself, but it's gotten good reviews), etc.

Regarding the other GIAC certs, the GPEN will be more technical than either of those, so you should have that knowledge (not necessarily the actual certifications) under your belt prior to taking a shot at it.

Welcome to the forums :)
The day you stop learning is the day you start becoming obsolete.
<<

What90

Full Member
Full Member

Posts: 120

Joined: Sat Jun 09, 2007 2:23 am

Location: Syndey, Australia

Post Mon Apr 12, 2010 5:16 am

Re: SANS GPEN Self-Study alternative ?

Bit of a difficult question without knowing your background skill sets and ability :-) Have you got an current IT certifications or have/do you worked in a security based role?

As a more generic  answer:

If you rate your general network, OS and IT security skills and abilities are good, then go for the GPEN. It assumes you know how to use Windows, Linux and how networks are put together in order to attack them. It's a fast paced course, with lots to absorb and plenty of hands on practice.

As some other suggested reading, Ed Skoudis'  Counter Hack Reloaded is a great starting point, as is reading offensive security's Metasploit unleashed http://www.offensive-security.com/metasploit-unleashed/


However, if you're missing any of those core skills then look at doing the GSEC first to cover all those bases.  It covers a massive amount of security knowledge, tools and skills.

Hope that is of some help.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Apr 12, 2010 10:38 am

Re: SANS GPEN Self-Study alternative ?

GPEN is not for the faint of heart.  It is super technical.  My co-worker and brother have taken the course and they both were both dumb founded by the amount of technical information.  They are both well experienced and certified individuals, and are not stupid in any way.

As a holder of two GIAC certs and one on the way, with one self study and two courses, I can safely state without any previous experience it may be near impossible to pass without having the SANS course ware.

With that being said, there are a lot of options when going for a SANS course.  You can do OnDemand, Self Study, life training, and even work study at live training (where you work at the conference, get the training, materials, and certification attempt for around $800).  I think if you are starting off with no experience, then it would take all of your being to do self-study to bring you up to a level where you would be lucky if you drowned in the level of technical details the course offers.

I do not know your experience or commitment level, but you could probably do well to self-study and do the GPEN course.  If you are looking for a more long term and lower budget option, you may want to go the self-study route for Security+ to lay the security foundation > CEH to lay the pen testing foundation with methodology and tools > GPEN.

I would also recommend Counter Hack, because it is a good read, and it not only gives you a lot of the hacker tools and methodology, but it also gives you insight on how to defend these tools.  You would also do well to start learning some of the tools like NMAP, Wireshark, Metasploit, and Cain and Able.  Heck, just start playing with anything on http://sectools.org/. :)

Good luck!
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

veselin

User avatar

Newbie
Newbie

Posts: 2

Joined: Sun Apr 11, 2010 7:16 am

Post Wed Apr 14, 2010 6:21 pm

Re: SANS GPEN Self-Study alternative ?

Thank you much for the valuable comments.

As for my experience, I've been administering linux servers for the past couple of years plus windows/mac support.

No specific Information Security experience however, apart from generic linux rookit/firewall auditing.

I find GPEN and GIAC material in general, extremely interesting.
Definitely going to get involved.

Veselin

Return to GPEN - GIAC Certified Penetration Tester

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software