
SANS GXPN Review

<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Dec 13, 2012 10:33 pm

Re: SANS GXPN Review

As promised, my review of the Corelan course:
http://www.pwnag3.com/2012/12/corelan-e ... -live.html
<<

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Dec 14, 2012 9:30 am

Re: SANS GXPN Review

OSCE vs GXPN vs Corelan...go


:) :) :)
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Dec 14, 2012 9:39 am

Re: SANS GXPN Review

Dark_Knight wrote: OSCE vs GXPN vs Corelan...go


:) :) :)


^^ ++1  ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Dec 14, 2012 11:00 am

Re: SANS GXPN Review

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Dec 14, 2012 11:06 am

Re: SANS GXPN Review

The Corelan course was the best training I've ever done, hands-down.

I'll try to throw up a review by the end of the year as well (slammed with work, prepping for fast-approaching OSCE), but rest assured, it's awesome.

Given how few opportunities there are to do it, jump at it if you ever get the chance. I'm obviously glad I did.
The day you stop learning is the day you start becoming obsolete.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Dec 14, 2012 11:21 am

Re: SANS GXPN Review

Because they're all different, I'll organize this by two goals: 1) get better at exploit dev, 2) get better at pen testing

Goal - Ninjasize your Exploit Dev Skills
Order of complexity from lowest to highest: GXPN, OSCE, Corelan.

Keep in mind, the GXPN covers more than exploit dev. OSCE is 90% exploit dev and Corelan is 100%.

Corelan covers more advanced exploit dev topics than OSCE and GXPN. For example, he literally went through how the Vupen guys won Pwn2Own, step by step. Blew my mind.

OSCE and Corelan are 100% Windows, GXPN does both nix and Windows.

Goal - Ninjasize your Pen Test Skills
Corelan isn't going to help. OSCE might help a little, but GXPN is going to win in this category. A better track for this goal is probably GPEN -> GXPN -> OSCP, or some variation of the G courses, but keeping OSCP in there :)

They all have some overlap, and if you can take them all, they really complement each other. Hope that helps.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Dec 14, 2012 11:29 am

Re: SANS GXPN Review

@tturner I've heard the Immunity Master Course kicks ass. That's hopefully next year.
http://www.infiltratecon.com/training.html#MasterClass
<<

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Fri Dec 14, 2012 11:34 am

Re: SANS GXPN Review

So my next question is, when, if EVER, do you use your exploit-dev skills on a pentest? Most environments can be pwned without needing the heavy artillery, not so?

Your response may be that I said most, but how often do you get to go up against an environment that requires OSCE etc. skillz?
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Dec 14, 2012 11:50 am

Re: SANS GXPN Review

Valid question. Yes, in my experience on internal network pen tests it's not that difficult to get domain admin. I haven't had to use these skills on regular pen tests that often. I might have to modify a PoC or a busted Metasploit module, but other than that, nothing too complex.

However, in my role at work, I'm doing more than network pen tests slammed into short time windows. We're looking at hardware, custom apps, etc. that the client wants in-depth testing on, over long periods of time. Writing an exploit for custom software is exactly what they're paying for. I wish these were every week, but they're not that often.
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Dec 14, 2012 8:49 pm

Re: SANS GXPN Review

cd1zz wrote: @tturner I've heard the Immunity Master Course kicks ass. That's hopefully next year.
http://www.infiltratecon.com/training.html#MasterClass


Yea, that looks amazing. I'll need to wait until I find an employer that'll foot that bill though.

I assume they offer the NOP exam there. That'd be a fun one to try.
The day you stop learning is the day you start becoming obsolete.
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Dec 16, 2012 3:15 am

Re: SANS GXPN Review

Nice review, cd1zz. So were there many topics covered which are not already covered in his public tutorials?
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sun Dec 16, 2012 8:34 pm

Re: SANS GXPN Review

Not a lot, in fact he refers to them for more information. However, the value in having him there is picking up on how he thinks about things or all his little tricks.
<<

azmatt

Full Member

Posts: 103

Joined: Sun Jul 29, 2012 2:11 pm

Post Mon Dec 17, 2012 12:51 am

Re: SANS GXPN Review

That was a really good review man.
GCFA, GCIH, GCIA, GWAPT, CISSP, CEH, GSEC
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jan 15, 2013 3:15 pm

Re: SANS GXPN Review

I was told that GPEN is required in order to sit for the GXPN exam; however, I couldn't find such a statement on the official website. Can anyone confirm whether GPEN is required for GXPN or not? I might give it a try this year, so I'm wondering.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Jan 15, 2013 3:30 pm

Re: SANS GXPN Review

Nope, not a requirement. Might be a suggestion, but not a req.