SANS GPEN Certified

A few of weeks ago I took SANS 560 Network Penetration Testing and Ethical Hacking course. It was an awesome course and I had a lot of fun completing the exercises and practical. I gave myself a week to study for the exam and scheduled the GIAC GPEN exam for the following Monday.  I studied a couple of hours each night trying to finish at least one of the 5 books a night. When the day came I felt ready. The exam is open book so I took all my materials in the event I couldn't remember something and had to look it up. I scored an 87% and was extremely happy having passed the exam. There were a few questions I had to look up but not many so I feel comfortably that I know the material.

For anyone looking to taking the GIAC GPEN I have a few recommendations. Take the course, whether that is live, online or by some other means that SANS offers as I feel it is well worth it. Prior to the exam give yourself a few hours each night to study at least one section at a time and re-read the parts you don't get. I've heard of people making the really extravagant cheat sheets or lookup tables but I didn't feel they are worth it. If you work in the area that you are testing for you should at least know 60-70% of the material in my opinion. Maybe some people need them as they don't test well so decide for yourself if that is something you want to do. Make sure you read the all the information in the books as it is all testable material. And finally good luck to those that take.


Comments

Post a Comment

Popular posts from this blog

And now for something completely different...

Over the course of my INFOSEC career I've worked in many different positions. IDS, network analysis, pentester, mobile application testing and a few others but one area has always stoked my interest. Vulnerability development is an area I wish I knew more about along with having a better grasp of reversing software. So over the next few months I've decided to try and fuel that interest by jumping into the world of fuzzing. I have chosen to start messing around with american fuzzy lop (AFL)  and see if I can find my first CVE. So here goes nothing.
Read more

Testing Joomla for CVE-2015-8562

Over the last couple of days I've been responding to question about Joomla's 0-day which has been gaining some attention lately. I decided to write a PowerShell script to check a Joomla server if it is running the at least 3.4.6 or 3.4.7. Hope you enjoy it and let me know your thoughts. ############################################################################################### # # Script: CheckJoomla.ps1 # By: Tim Muniz # Date: 20151222 # ############################################################################################### <# .SYNOPSIS This script checks Joomla Version to check if the remote host is vulnerable to CVE-2015-8562. .DESCRIPTION This script checks Joomla Version to check if the remote host is vulnerable to CVE-2015-8562. .PARAMETER target a host running Joomla to test. .PARAMETER Https To test a host running SSL/TLS.  This is an optional parameter. .EXAMPLE Check remote Joomla
Read more

Been awhile hasn't it.

It's been over a year since the last time I posted anything so I'll give a quick update. The whole AFL thing didn't pan out as much as I'd like as I never really made time for it. I did add another child into the world so I got that going for me. As for work, I'm still at Cisco Talos doing the Detection Response Team (DRT) stuff, basically creating rules for Snort and sigs for ClamAV. That's going ok, gets a little mundane at times as I'm a researcher by trade and love looking into different things, especially mobile stuff, but overall I feel it's going well. At least no one has told me otherwise. That's pretty much it for me over the last year so lets start on some new exciting info. I recently went to TROOPERS  for TROOPERS19 and it was awesome. For those that don't know, it is a computer security conference in Heidelberg, Germany that takes place in March time frame. The city of Heidelberg was beautiful and the content of the conference was
Read more