SANS GPEN Experience
SEC560: Enterprise Penetration Testing
In this blogpost I am going to share my experience with SANS GPEN (SEC560: Enterprise Penetration Testing) class and exam.
Training
When it comes to SANS training courses, they are not cheap. I signed up for the Live in-person session in May and the class is led by Tim Medin.
The class training lasted for 6 days (Monday — Saturday), 5 days of class with hands on labs and 6th day is Capture the Flag with the class members in teams.
During training we will learn about different types of Pentests, how to scope a Pentest, Reconnaissance, Initial Access, Persistence, Password Cracking, Command and Control Frameworks, Lateral Movement, Pivoting, Domain Enumeration, Azure Cloud.
Topics and Tools at a glance
Nmap, NSE, Massscan, Hydra, Metasploit, Sliver, Empire, Ghostpack’s Seatbelt, Bloodhound, Mimikatz, John the Ripper, Hashcat, Responder, Impacket, Kerberos attacks, Azure, Azure AD, and Ngrok.
Exam Preparation
I started preparing Index for my exam using the SANS courseware provided during the class. I prepared for a month with no distractions and did hands-on labs that are available offline via VM’s provided for class. There are a few labs that require an on-demand bundle to practice after the class. I did not get the bundle and tried to practice the concepts outside the SANS VM’s using online capture the flag paltforms.
I have premium subscription to Try Hack Me, I started to review all the career paths available, labs and mapped them to the class labs that are not available from the class VMs.
Modules on Try Hack Me
- Offensive Pentesting → Active Directory
- CompTIA Pentest+ → Information Gathering and Vulnerability Scanning
- Network Security Room
Once again these are not 100% match to the labs we do in the SANS class, I used these rooms to play with the commands from the labs covered in the class to understand the concepts.
Practice & Final Exam
I used voltaire for preparing my index. Voltaire is a web-based indexing tool for GIAC certification examinations. This tool gives the index by alphabetical order and makes it easy to read, I like this type of index and is better than excel sheets. Once again there are lots of posts on internet and follow the style that works. I took the practice tests and selected to show me incorrect answers and took few seconds to review the questions that I answered wrong.
Once done with the practice exams, I had a quick review at the books and labs again. The day before my test I got a good night sleep. On the day of exam I logged into the proctor completed the verification steps and started the test. I used up all the time on the clock and at last I passed the GIAC GPEN. After completion of my exam I got an email with my exam results and asked me to order the certificate.
In conclusion, I learned a lot from the class, and it was a great learning experience. Once again do not just read the material and go for the exam, practice practice practice practice until you are good with the concepts. The more practice the better when it comes to clear the test, especially the lab questions at the end of the exam. Good luck everyone!
References
- Try Hack Me (Referral Link): https://tryhackme.com/referrals/sandeepkasturi
- SANS GPEN : https://www.sans.org/cyber-security-courses/enterprise-penetration-testing/
- Indexing Tool: https://voltaire.publickey.io/
Comments
Post a Comment