Certification: GPEN

Certification:

GIAC Penetration Tester (GPEN)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

See the GIAC website for additional details on the GPEN certification.

Exam Certification Objectives
Objectives Objective Outcome Statement
Advanced Password Attacks The candidate will be able to use additional methods to attack password hashes and authenticate.
Attacking Password Hashes The candidate will be able to obtain and attack password hashes and other password representations.
Command Shell vs. Terminal Access The candidate will know the benefits, limitations, and distinguishing characteristics of command shell and terminal access.
Enumerating Users The candidate will be able to enumerate users through different methods.
Exploitation Fundamentals The candidate will be able to demonstrate the fundamental concepts associated with the exploitation phase of a pentest.
General Web Application Probing The candidate will be able to use tools and proxies to understand and exploit web application weaknesses.
Initial Target Scanning The candidate will be able to conduct port, operating system and service version scans and analyze the results.
Metasploit The candidate will be able to use and configure the Metasploit Framework at an intermediate level.
Moving Files with Exploits The candidate will be able to use exploits to move files between remote systems.
Password Attacks The candidate will understand types of password attacks, formats, defenses, and the circumstances under which to use each password attack variation. The candidate will be able to conduct password guessing attacks.
Pen-testing Foundations The candidate will be able to demonstrate the fundamental concepts associated with pen-testing.
Pen-testing Process The candidate will be able to utilize a process-oriented approach to pentesting and reporting.
Pen-Testing via the Command Line The candidate be able to use advanced Windows command line skills during a pen test.
Reconnaissance The candidate will understand the fundamental concepts of reconnaissance and will understand how to obtain basic, high level information about the target organization and network, often considered information leakage, including but not limited to technical and non technical public contacts, IP address ranges, document formats, and supported systems.
Scanning for Targets The candidate will be able to use the appropriate technique to scan a network for potential targets.
Vulnerability Scanning The candidate will be able to conduct vulnerability scans and analyze the results.
Web Application Attacks The candidate will be able to utilize common web application attacks.
Wireless Crypto and Client Attacks The candidate will be able to utilize wireless cryptographic and client attacks including but not limited to hijacking and key attacks.
Wireless Fundamentals The candidate will understand the fundamental concepts associated with wireless networks.