SephStorm wrote:@MaXe I would agree with that. I definatly feel like I can attack a target using tools and compromise a host. What I need to learn is how best to bypass defenses and how to preform a pentest.
How to bypass defenses the best way, is not something GPEN will teach you nor many other certifications. OSCE (actually CTP) can show you the door including handle, but it is only a part of it you see. OSCP (PWB) will show you the base of the door, and the surface of it.
To see it all, and walk through it, OSCP and OSCE can help you, but I am not aware of any certificate that goes to such a level that you describe. By defense in this case I'm describing, I mean all kinds of defenses. (e.g., 802.11 / WiFi, Physical Security (Social Engineering?), Logical / Virtual Security (Protocols and Programs mainly), and all that lies in between.
Writing a good report (this is also a part of the pentest), is something OSSTMM and GPEN (actually the associated SANS course, at a very basic level) can help you with. There was a very nice article in the May Issue of the PenTest Magazine about writing articles, with some very nice jokes as well on how not to do it. I just wish it was free so I could share it with you
Performing a good pentest, this is something not only GPEN (and probably CEH too) but also OSCP and OSCE can help you with. GPEN is not very much hands-on, mostly theoretical while OSCP and OSCE are big-time hands-on and very practical courses, but you probably already know that.
Even CISSP can contribute to becoming a better PenTester but this certificate alone, is not a guarantee imho
(These are just humble opinions.)