GIAC Penetration Tester
GPEN
Target
The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing, and how to properly conduct a penetration test, as well as best-practice technical and non-technical techniques specific to conducting a penetration test.
Course
SEC560: Network Penetration Testing and Ethical Hacking
*No specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*
Requirements
- 1 proctored exam
- 150 questions
- Time limit of 4 hours
- Minimum Passing Score of 74.7% (112 out of 150 questions)
NOTE:
GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GPEN exam has been determined to be 74.7% for all candidates receiving access to their certification attempts on or after 12/22/2010. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.
Renew
Every 4 years
Delivery
NOTE: GIAC exams are NOT given the day after the conference ends.
Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Standalone challenge exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our proctored exam procedure.
Links
- SANS Information Security Reading Room
- Certified Professionals (GPEN)
- Recertification
- Exam Feedback Procedure
- Grievance Procedure
Bulletin (Part 2 of Candidate Handbook)
The topic areas for each exam part follow:
| Exam Certification Objectives | Certification Objective Outcome Statement |
|---|---|
| Advanced Hash Manipulation | The candidate will demonstrate an understanding of advanced techniques for breaking and using password hashes. |
| Command Shell vs. Terminal Access | The candidate will demonstrate an understanding of the difference between shell and terminal access and the advantages of each |
| Enumerating Users | The candidate will demonstrate an understanding of the common ways to enumerate users during a pen-test and why it is important to do so |
| Exploitation Fundamentals | The candidate will demonstrate an understanding of the fundamental concepts associated with the exploitation phase of a pen-test |
| Injection Attacks | The candidate will demonstrate an understanding of the basic concepts associated with injection attacks. |
| Legal Issues | The candidate will demonstrate an understanding of the legal issues that surround pen-testing |
| Metasploit | The candidate will demonstrate an understanding of Metasploit and how it can be used during a pen-test |
| Moving Files with Exploits | The candidate will demonstrate an understanding of how to use exploits to move files between remote systems |
| Obtaining and Passing Password Representations | The candidate will demonstrate an understanding of the various ways to obtain password hashes from a target system during a pen-test |
| Overview of Passwords | The candidate will demonstrate an understanding of the various password types and formats. |
| Pen-testing Foundations | The candidate will demonstrate an understanding of the fundamental concepts associated with pen-testing |
| Pen-testing Process | The candidate will demonstrate an understanding of the pen-testing process and the importance of reporting. |
| Pen-Testing via the Command Line | The candidate will demonstrate an understanding of the Windows command line and other command shells that can be used during a pen-test. |
| Profiling the Target | The candidate will demonstrate an understanding of how to conduct port, operating system and service version scans and their purpose during a pen-test. |
| Reconnaissance | The candidate will demonstrate an understanding of the basic concepts of reconnaissance and how to obtain basic information during this phase. |
| Scanning for Targets | The candidate will demonstrate an understanding of the fundamental concepts associated with the scanning phase, and the value of network sweeping and tracing as part of a pen-test |
| Using a Proxy to Attack a Web Application | The candidate will demonstrate an understanding of how to use a web proxy during a pen-test to look for web-based weaknesses. |
| Vulnerability Scanning | The candidate will demonstrate an understanding of the importance of vulnerability scanning and how to interpret the results. |
| Wireless Crypto and Client Attacks | The candidate will demonstrate an understanding of the various types of wireless cryptographic and client attacks that can be used during a pen-test |
| Wireless Fundamentals | The candidate will demonstrate an understanding of the fundamental concepts associated with wireless networks as they relate to a pen-test |
Where to Get Help
Training is available from a variety of resources, including online, course attendance at a live conference, and self-study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.
