.

My Next Path (Advice)

<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Aug 11, 2011 12:21 pm

My Next Path (Advice)

Hey EthicalHacker,

It's been awhile since I've posted a topic here! I have recently come up on a decent amount of money and I plan on putting it towards my education. I am one of those IT guys caught between Programming and Pentesting; Can't decide which one I love more because I like them both. My ultimate dream is to do development for awhile then move into Penetration Testing (or even alternate in between the two of them). I am posting because I'm in a bit of a bind on where my path lies ahead and I'm wanting some advice on courses I should take.

GPEN looks great to me, I am considering the OnDemand course. I have always wanted to hold a GIAC certification because they're well respected (although pricey). Do any of you have experience taking the OnDemand version of the course? Does the fee include the certification take cost? I noticed the promo code on here which will save me $150.00, so that is great!  8) On an alternate end, I'm kind of thinking, I hold an OSCP certification. I've heard there's some information overlapping between GPEN and OSCP, is this necessarily true? If it is true, what path would you recommend going down to obtain the GPEN certification? Self Study?

Somewhere in my twisted brain, I kind of feel the desire for pain - I've had my thoughts on considering doing Offensive-Security's CTP course. If I would be able to become OSCE certified I would feel like someone at the top of their pen test game! I am just kind of skeptic whether I have the skills to go in to the lion's den almost blindfolded, and expect not to get bitten. Surely I have endured til the end in my PWB adventure, but I hear CTP is a whole new level of pain. What are your guys thoughts on me considering this?

And then lastly, for some odd reason I feel the need to want to officially fit in. I never thought it would be on my mind, but obtaining the CEH just to stick it on my resume does not sound like a bad thought to me. I am considering online training for all of these, and would like to hear some of your guys experience taking the training for CEH online (or self-study). Is this certification all that it is hyped up to be? I haven't heard many positive experience on folks who have taken v7 on here.

Anyway, I have an open mind, and money to spend, have CEH, OSCE, and GPEN on my mind. I may just say, "Bring them all on", but i wanted to hear your guys thoughts on what I should go after. If you think I should tackle them all, feel free to list off the order!

Hope to hear from you all!

Cheers,

Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Aug 11, 2011 12:47 pm

Re: My Next Path (Advice)

Here is my 2 cents:

- OSCP covers about 90% of what you need to know for GPEN. The main differences between the two is Windows based tools and some laws. So register for the exam right away, without taking any courses. I personally did that after failing OSCP and scored pretty high on GPEN... With any GIAC/SANS exam, you get a practice exam that is pretty close to the real test. This will give you confidence. Although I heard SANS offers great courses, after OSCP, you can save your money for GPEN.

I am doing OSCE and it is mainly focus on exploit development. If this is your thing, go for it.

You should be able to write CEH by reading a book or two like I did...

But what about a web application penetration testing course? PWB covers only the basic of web app pentest...

Good luck!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Aug 11, 2011 3:10 pm

Re: My Next Path (Advice)

Nice. Good response hit monkey, you just confirmed it for me. I didn't know OSCP covered 90% of it. This is good information and has me thinking I wish I would've known that when I did PWB last year. I might as well just go over all of the videos in PWB and just pay for the exam like you mentioned. Exploit Development sounds hard, I personally don't know any ASM but got a good introduction to registers n such in the PWB course. I suppose my path should be: GPEN -> OSCE, obtain CEH maybe in between or after taking CTP. Good information here. It'd just be my luck if my test consisted of nothing but tons of laws and Windows Tools. Thanks!
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

mesho

Newbie
Newbie

Posts: 24

Joined: Tue Aug 10, 2010 8:01 am

Post Thu Aug 11, 2011 5:41 pm

Re: My Next Path (Advice)

my recommendation will be a little bit different!

and i'm sure when you follow these steps you will gain the knowledge you seeking for:

review OSCP videos, try to grasp all the hacking technique.

then purchase GPEN exam and try to write down all the laws related, some of this laws will be presented on the practice exam but not all.

when finally acquire the GPEN Certificatoin don't think to go for OSCE still there's something you need to follow which is:

SANS Advanced Penetration Testing SEC 660
http://www.sans.org/security-training/a ... g-1517-mid

SANS Advanced Exploit Development 2 days course or selfstudy materials SEC 710
http://www.sans.org/security-training/a ... t-1522-mid

and last you will be ready to take the OSCE Challenge  ;)
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Aug 11, 2011 6:44 pm

Re: My Next Path (Advice)

Not a bad idea mesho.

Another very, very good course I had the chance to take last May in Dallas was "Advanced Penetration Testing" with Joe McCray from CAST. There, you learn how to hack into Windows 7 fully patch and things like that.

I highly recommend it.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Thu Aug 11, 2011 7:14 pm

Re: My Next Path (Advice)

I actually did the GPEN via OnDemand. I also did it after the OSCP. Nothing compares to the OSCP. The GPEN compliments the OSCP quite well. There is in fact some fact some amount of overlap with the OSCP providing better coverage in some areas.

The difference between the two is more than just laws :) the GPEN covers a lot of the business aspects of doing a pen test. Topics such as defining scope, creating a get out of jail free card, defining the rules of engagement etc are covered. So the OSCP gives you that 'raw' skill. The GPEN will help 'refine' it :)

As mentioned above grab the practice test and gauge your readiness from that. The test costs $99. If you do decide to go the ondemand route then keep checking the website as ever so often there are promos that offer discounts of up to 25%. If a discount is not offered, then go out on a limb and ask for one.

The CEH........that was my first certification. When I did it I knew NOTHING about security. So given that you already have the OSCP getting the CEH should not be difficult.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Aug 11, 2011 7:16 pm

Re: My Next Path (Advice)

I've decided to kind've combine both of your ideas into one. I've purchased the exam voucher for the GPEN. Apparently it comes with 2 practice tests and the final exam. I'm going to spend time reviewing my OSCP material, and studying some Hacking Laws, plus some of the things Dark_Knight mentioned, then start taking the exams. Taking Sec 660 then 710 sounds like it would definitely prepare me enough to go into CTP very comfortably. Appreciate your responses guys. I'm going to put my head into this material and try one of the practice tests within a week or two.

Cheers,

Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Aug 11, 2011 8:58 pm

Re: My Next Path (Advice)

Dark_Knight is right, there's more than "law" and windows tools in GPEN. I was in a rush at work and couldn't elaborate more... My bad!

But GPEN isn't hard after OSCP. You will get a very accurate feel of the exam with your practice tests.

Good luck xXxKrisxXx
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

idr0p

Newbie
Newbie

Posts: 49

Joined: Fri Jun 17, 2011 8:46 pm

Post Fri Aug 12, 2011 2:38 pm

Re: My Next Path (Advice)

Wow this actually covers from stuff i am going through right now.

I am scheduled for the CISA in Dec. I wanted to complete a cert in the mean time by end of Oct. then study for the CISA. As I just completed the GPEN, I am up in the air as to if i should do the GWAPT or the OSCP.

P.S. I am also going back to school for my masters in Jan. I will be talking web app development which may compliment the GWAPT

Should i do my OSCP now. then cisa and Gwapt in jan or should i do the gwapt then CISA and OSCP?
Last edited by idr0p on Fri Aug 12, 2011 2:41 pm, edited 1 time in total.
GCIA GCIH GPEN GWAPT
Up Next: CISA CISSP
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Aug 12, 2011 8:30 pm

Re: My Next Path (Advice)

Based on the three certs you already have, go for OSCP. You will see it is quite different than GIAC certs. You will feel like it is the best thing you ever did.

So OSCP, no hesitations!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 12, 2011 8:49 pm

Re: My Next Path (Advice)

H1t M0nk3y ++1
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Aug 12, 2011 9:09 pm

Re: My Next Path (Advice)

idr0p wrote:Wow this actually covers from stuff i am going through right now.

I am scheduled for the CISA in Dec. I wanted to complete a cert in the mean time by end of Oct. then study for the CISA. As I just completed the GPEN, I am up in the air as to if i should do the GWAPT or the OSCP.

P.S. I am also going back to school for my masters in Jan. I will be talking web app development which may compliment the GWAPT

Should i do my OSCP now. then cisa and Gwapt in jan or should i do the gwapt then CISA and OSCP


The OSCP will be a lot fun. The GWAPT is also good. Very good introduction to the world of web application penetration testing. Have a go at the OSCP, grab a copy of WAHH. If you like WAHH[Web Application Hackers Handbook] jump into the GWAPT.
Last edited by Dark_Knight on Fri Aug 12, 2011 9:12 pm, edited 1 time in total.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

idr0p

Newbie
Newbie

Posts: 49

Joined: Fri Jun 17, 2011 8:46 pm

Post Sat Aug 13, 2011 12:30 pm

Re: My Next Path (Advice)

OSCP IT IS!
GCIA GCIH GPEN GWAPT
Up Next: CISA CISSP
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Aug 17, 2011 1:42 pm

Re: My Next Path (Advice)

Hey Guys -

I took one of my practice tests last night and didn't end up passing it. I learned what I need to beef up my knowledge on to get a passing score and it turns out my weakness lies in knowing the Laws, Wireless Crypto and Client Attacks, Wireless Fundamentals, and some in-depth knowledge of scanning. I missed a couple other questions in other areas. Since I hadn't been exposed to the WiFi stuff, what I'm going to do right now is sign-up for the OSWP course. It's affordable, will provide me with a solid background in theory and attacks to be able to ace this particular portion of the test, and I'll pick up the certification in the process. Then I plan on studying up on laws and other areas I seem to be weak in.

The positives about the practice tests is at the end of it, your given ranks on each category corresponding to:
http://www.giac.org/certification/penetration-tester-gpen
so you end up knowing where and what you need to study up on. Your actually given 4 months to take your 2 practice tests and schedule your proctored examination, so this should give me a great window for picking up on my weaker areas. I'll keep everyone up-to-date!

8) Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Aug 24, 2011 5:39 pm

Re: My Next Path (Advice)

Hello E-H!

Just wanted to keep everyone up-to-date with my progress! I officially was enrolled into OSWP on the 18th, and went through the course within a couple of days. The course isn't nearly as lengthy as PWB. A couple days later I actually sent in challenge request date which happened to be today and I already took my OSWP certification exam. I was able to successfully obtain all the keys and have sent in my results, just awaiting official decision right now.

Had a blast in the class! My aunt loaned me her router, I've had an Alfa card for a couple years now. I had always used point-n-click tools to break into my AP, but now can successfully say I've dabbled in the command-line arts for getting my wifu on. I felt the class really gave a good introduction to the aircrack-ng suite and I may possibly leave a review of it here shortly. Some may think between the amount of time I enrolled versus when I scheduled my exam was pretty quick (less than 1 week of being enrolled in the course), but I actually dedicated a lot of time breaking into my router with various configurations, and wrote down well over 5 pages of notes! It's tons of practice, practice, practice! I definitely picked up on a good amount it makes me wonder how this course stacks up against SANS GAWN course.

Kris
Last edited by KrisTeason on Wed Aug 24, 2011 5:41 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software