As I described the other day I am planning to knock out both GXPN and OSCP by the end of the year ideally. Now I suppose I’ll explain the Why and how I’m tackling these.
For those not familiar with the two certs, GXPN is the GIAC Exploit Researcher and Advanced Penetration Tester certification, which tracks to SANS 660, where the OSCP is the Offensive Security Certified Professional and tracks to their Pen-200 course(for the most part).
So oddly enough I plan to go through GXPN first. Luckily, I am able to utilize the SANS.edu Alumni benefit since I have a couple of their Graduate Certificates which will knock the cost down a bunch, but the primary driver for going after GXPN first is simply that most of my other GIAC certs are up for renewal in the next 1-2 years which I am required to have to remain in compliance with the newer DOD 8140 requirements. Additionally, I’m really interested in doing some penetration testing in the future, with the ability to really understand some of the more novel attack vectors that are out there.
So the next couple of weeks I’m going to be spending a lot of time running through TryHackMe and going through TCM Security’s Practical Ethical Hacking Course to rebuild the foundational hands-on Pen Testing skills that I have let somewhat lapse over the last couple of years. Additionally, I’ll be building out my lab to support the type of work that I’ll be getting into.
Furthermore, the plan is to kick off some more of the advanced topics that GXPN requires mid-June with a Github repo recommended to me for getting started in Vulnerability Research. The expectation is that by the second week of July I will purchase SANS 660 and get moving with official content and the books that will be required to get through this exam.
This leads into some more of the “Content Creator” stuff that I want to work on at the same time.
So over the coming months I’m going to be working to provide guides,blogs, posts etc… to really capture some of the common tools, processes and such for others to try to do the similar things. There are two reasons for this, one to drive the material home for myself and others, and to improve my writing for less technical and/or more managerial personalities. I’ve always struggled to do this both in conversation and written, so this will truly be beneficial, although probably pretty rough at first.
I’m not going to really touch on OSCP quite yet since that is my secondary target and, in theory, should be pretty simple once I get through GXPN. From what I gathered from a few videos, TCMs content, OffSec Content, and popping a lot of boxes should get me through the technical aspects. To be clear this isn’t to diminish the difficulty of OSCP, but how I understand the exam to be with regards to the preparation I will be putting in for GXPN already. Assuming my budget remains intact, I want to get OffSec’s Unlimited subscription towards Halloween to carry me through 2025s goal of having 3 OffSec certs. I’m sure I will have some thoughts between now and then about it, but I don’t plan to explicitly do a “How I prepare for OSCP” until around that time.
I believe I have touched on the how and why, but I’m interested to hear thoughts about my thought process. Are these realistic expectations? Has anybody done this certification path before? Anybody have recommendations for GXPN, content is pretty slim for this exam?
Till Next Time.
Leave a Comment