Thanks to my current employer I recently had an opportunity to participate in penetration testing course titled: SEC560: Network Penetration Testing and Ethical Hacking from SANS institute in OnDemand version along with an attempt for GIAC GPEN certification. Here is a short review of this course with tips for the certification exam.
So is this penetration testing course for you?
Before getting into any penetration testing course and certification it is worth to ask yourself how it will benefit you, as you will usually need to pay (yourself or your employer) for the course and exam. Also you will need to invest a lot of time if you are serious about passing certification. There are other courses on the market that will teach you the basics of penetration testing and ethical hacking. To name a few of most renown are: OSCP from Offensive Security and eCPPT from eLearnSecurity.
I personally went trough PWK course and passed OSCP certification. I have also purchased the eCPPT course but didn’t go trough all the materials as of yet. So I have some fair overview of the other competitors with similar content. So how is it different to the others?
If I compare to previously mentioned courses then it is similar to eCPPT. You get to access the video content presented on their online platform. You also got the access to labs with exercises to which you connect trough VPN. However the biggest difference are materials which consist of 6 printed books along with cheat-sheets cards and posters. This materials for sure you will use in future penetration testing gigs.
Contents of the SEC560 penetration testing course
Course began with a discussion of the consultative side of the business and topics related to documenting work, scoping projects, drafting an effective statement of work and communicating with clients. I think best part of the course is how to write a good penetration test report. I could immediately improve my report writing skills after this lessons.
As you progress the course is getting similar to eCPPT and PWK courses teaching you about recon, enumeration and tools for exploitation like Metasploit and it’s meterpreter shell. The interesting part in the chapters was learning about Scapy which I never learned about before. Also good parts of the course is to show tricks and tips with PowerShell and Windows command line. Quite big part is related to passwords and how to obtain and crack them. At the end you are getting taught about some basic concepts of Web Application testing. To sum up this paragraph of the course is well laid out and if you are beginner you will learn a lot more than from, for example, the PWK course. If you have some experience like me you will get some nice tricks and tips and in a good format. Don’t forget you get to practice your learning with exercises/labs after each part which will cement you knowledge.
Exam for GIAC GPEN
Fun fact it is in an Open Book format. This was a surprise for me and my first time experience in such attempt for examination. What it means is that you can bring the PRINTED course books and your own notes to the exam center. I won’t write about the technical aspects of the exam, but for such type of exam it is a good idea to make yourself an index of terms as they appear on different pages in the printed materials. So you will not lose the limited time to search through the books where “I can read more about X topic” There are good posts on the internet how to prepare for this exam. I linked them at the bottom of this post. Beside standard test questions and answers you also get interactive questions where you need to complete tasks on a real boxes connected to your examination computer. I didn’t see any questions that weren’t related to the content you were taught about in the course. Finally I passed exam with 96% score and earned GPEN badge 🙂
Conclusion
I highly recommend this penetration testing course for every penetration tester or aspiring one. High quality materials and videos explaining everything in detail about given topics. Great materials that you will probably use even after exam or in day to day job. IMHO best parts in the course were related to how to write good reports. The biggest drawback is the price of the course and of the exam. So If you want to fund this course yourself then better start looking for other courses I mentioned earlier.
Links:
SANS Course website: https://www.sans.org/course/network-penetration-testing-ethical-hacking
GPEN certification website: https://www.giac.org/certification/penetration-tester-gpen
Tips on how to prepare for exam:
https://tisiphone.net/2015/08/18/giac-testing
https://www.judithvanstegeren.com/blog/2016/how-I-prepared-for-my-GIAC-GPEN-exam.html
https://digitalforensicstips.com/2012/11/sans-index-how-to-guide-with-pictures/