SANS GPEN Experience

SEC560: Enterprise Penetration Testing

In this blogpost I am going to share my experience with SANS GPEN (SEC560: Enterprise Penetration Testing) class and exam.

Training

When it comes to SANS training courses, they are not cheap. I signed up for the Live in-person session in May and the class is led by Tim Medin.

The class training lasted for 6 days (Monday — Saturday), 5 days of class with hands on labs and 6th day is Capture the Flag with the class members in teams.

During training we will learn about different types of Pentests, how to scope a Pentest, Reconnaissance, Initial Access, Persistence, Password Cracking, Command and Control Frameworks, Lateral Movement, Pivoting, Domain Enumeration, Azure Cloud.

Topics and Tools at a glance

Nmap, NSE, Massscan, Hydra, Metasploit, Sliver, Empire, Ghostpack’s Seatbelt, Bloodhound, Mimikatz, John the Ripper, Hashcat, Responder, Impacket, Kerberos attacks, Azure, Azure AD, and Ngrok.

Exam Preparation

I started preparing Index for my exam using the SANS courseware provided during the class. I prepared for a month with no distractions and did hands-on labs that are available offline via VM’s provided for class. There are a few labs that require an on-demand bundle to practice after the class. I did not get the bundle and tried to practice the concepts outside the SANS VM’s using online capture…