The GIAC Penetration Tester (GPEN), a vendor-neutral, globally recognized information security certification, validates a practitioner’s ability to perform a penetration test using best practices and established methodologies. GPEN holders can execute exploits, conduct in-depth reconnaissance, and apply a process-oriented approach to penetration testing. In this blog post, we will explore the GPEN certification, from what it is and who should get it to how candidates can best prepare for the GPEN certification exam.
What is the GPEN certification?
The GIAC Penetration Tester (GPEN), administered by the Global Information Assurance Certification (GIAC) program, is a vendor-neutral technical certification validating advanced-level penetration testing skills. It validates a penetration tester’s ability to conduct a best-practice, methodology-based penetration test.
The GPEN certification also provides holders with the required expertise to handle any legal issues tied to penetration testing. To become GPEN-certified, candidates must pass the GIAC GPEN certification exam, which tests their abilities to conduct a penetration test using methodologies. The exam also tests their abilities to properly handle both the non-technical and technical aspects of penetration testing.
The areas covered by the certification are the following:
- Comprehensive penetration test planning, scoping, and reconnaissance.
- In-depth scanning and exploitation, post-exploitation, and pivoting.
- In-depth password attacks and web app penetration testing.
As a side note, the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification, by the same provider, is another certification altogether.
Who should get the GPEN certification?
As a certification demonstrating a practitioner’s understanding of a process-based approach to testing and reporting, the GPEN certification is best suited for the following professionals:
- Penetration testers (or ethical hackers) are cybersecurity professionals responsible for testing an organization’s networks and systems to find vulnerabilities that could be exploited by malicious attackers.
- Red-Team members are cybersecurity professionals who simulate the actions of a real-life attacker to test an organization’s defenses.
- Blue-Team members are cybersecurity professionals who work to defend an organization’s networks and systems from real-life attacks.
- Defenders, auditors, and forensic specialists are also cybersecurity professionals who work to protect an organization’s networks and systems.
How does the GPEN certification exam work?
To earn the GPEN certification, practitioners must pass the GIAC GPEN exam. The proctored exam has the following specifications:
- A 3-hour time limit.
- 115 multiple-choice questions.
- A minimum passing score of 74%.
The GIAC GPEN exam tests a candidate’s ability to successfully conduct a penetration test by implementing methodologies and also to understand both the non-technical and technical aspects of penetration testing. To keep up with the ever-changing field of cybersecurity, the GPEN certification requires its holders to renew their certification after four years.
What are the objectives of the GPEN certification?
The GPEN candidate handbook contains sixteen outcome statements, which consist of the knowledge, skills, and abilities (KSAs) that GIAC considers necessary for a GPEN-certified professional.
The 16 outcome statements are as follows:
- Advanced password attacks: The candidate will have the ability to use additional methods to attack password hashes and authenticate.
- Attacking password hashes: The candidate will have the ability to obtain and crack password hashes.
- Azure applications and attack strategies: The candidate will demonstrate an understanding of Azure applications and the attacks against them, namely federated and single sign-on environments and Azure AD authentication protocols.
- Azure overview, attacks, and AD integration: The candidate will demonstrate an understanding of Azure Active Directory (AD) implementation fundamentals, common Azure AD attacks, and Azure authentication techniques.
- Domain escalation and persistence attacks: The candidate will demonstrate an understanding of common Windows privilege escalation attacks and Kerberos attack techniques that are executed to consolidate and persist administrative access to AD.
- Escalation and exploitation: The candidate will have the ability to demonstrate the fundamental concepts of exploitation, data exfiltration from compromised hosts, and also pivoting to exploit other hosts within a target network.
- Exploitation fundamentals: The candidate will have the ability to demonstrate the fundamental concepts associated with the exploitation phase of a pentest.
- Kerberos attacks: The candidate will demonstrate an understanding of attacks against AD, including Kerberos attacks.
- Metasploit: The candidate will be able to use and configure the Metasploit Framework at an intermediate level.
- Moving files with exploits: The candidate will have the ability to use exploits to move files between remote systems.
- Password attacks: The candidate will understand the types of password attacks, formats, defenses, and the circumstances under which to use each password attack variation. The candidate will have the ability to conduct password guessing attacks.
- Password formats and hashes: The candidate will demonstrate an understanding of common password hashes and formats for storing password data.
- Penetration test planning: The candidate will be able to demonstrate the fundamental concepts of penetration testing and use a process-oriented approach to testing and reporting.
- Penetration testing with PowerShell and the Windows command line: The candidate will demonstrate an understanding of the use of advanced Windows command line skills and advanced Windows PowerShell skills during a penetration test.
- Reconnaissance: The candidate will understand the fundamental concepts of reconnaissance and how to obtain basic, high-level information about the target organization and network, often considered information leakage, including but not limited to, technical and non-technical public contacts, IP address ranges, document formats, and supported systems.
- Scanning and host discovery: The candidate will have the ability to use the appropriate technique to scan a network for potential targets, conduct port, operating system, and service version scans, and analyze the results.
- Vulnerability scanning: The candidate will have the ability to conduct vulnerability scans and analyze their results.
How good is GPEN as a penetration testing certification?
Among the penetration testing certifications a provider should hold, the GPEN is considered an advanced-level certification and one of the most respected penetration testing certifications in the industry. It is praised for the broad range of knowledge it covers, which enables holders to contribute to professional penetration testing engagements from day one.
What are the requirements to maintain the GPEN certification?
GIAC certifications like the GPEN are valid for four years. To maintain their GPEN certification, certified professionals must either retake the certification exam or earn a minimum of 36 Continuing Professional Education (CPE) credits within the four-year period. GPEN holders are required to submit their CPE information and documentation in advance of their certification expiration date, then allow for a 30-day processing time.
What is the best way to prepare for the GPEN certification?
There are multiple ways to prepare for the GPEN certification exam, including the following:
- Completing the GPEN certification training boot camp by the InfoSec Institute.
- Self-studying GPEN topics using books, practice exams, and other resources.
- Testing your exam readiness using websites like SkillSet.
Wrapping up
By earning the GPEN certification, penetration testers can validate their skills and knowledge, making them more attractive to potential employers. The GPEN is also a prerequisite for GIAC’s elite Offensive Security Certified Expert (OSCE) certification and a great way to start or advance your career in penetration testing. If you’re unsure if the GPEN certification is the right one for you, consulting community-driven resources such as r/AskNetsec could help.
Contact us if you need help with a penetration testing project.