Black logo - no background

Home Blog
GET STARTED
Certification, Career, Non-Technical
GXPN and OSCP - Why that order?
By
- Shawn Stephens, May 17, 2024
As I described the other day I am planning to knock out both GXPN and OSCP by the end of the year
ideally. Now I suppose I’ll explain the Why and how I’m tackling these.

For those not familiar with the two certs, GXPN is the GIAC Exploit Researcher and Advanced
Penetration Tester certification, which tracks to SANS 660, where the OSCP is the Offensive Security
Certified Professional and tracks to their Pen-200 course(for the most part).

So oddly enough I plan to go through GXPN first. Luckily, I am able to utilize the SANS.edu Alumni
benefit since I have a couple of their Graduate Certificates which will knock the cost down a bunch, but
the primary driver for going after GXPN first is simply that most of my other GIAC certs are up for
renewal in the next 1-2 years which I am required to have to remain in compliance with the newer
DOD 8140 requirements. Additionally, I’m really interested in doing some penetration testing in the
future, with the ability to really understand some of the more novel attack vectors that are out there.

So the next couple of weeks I’m going to be spending a lot of time running through TryHackMe and
going through TCM Security’s Practical Ethical Hacking Course to rebuild the foundational hands-on
Pen Testing skills that I have let somewhat lapse over the last couple of years. Additionally, I’ll be
building out my lab to support the type of work that I’ll be getting into.

Furthermore, the plan is to kick off some more of the advanced topics that GXPN requires mid-June
with a Github repo recommended to me for getting started in Vulnerability Research. The expectation
is that by the second week of July I will purchase SANS 660 and get moving with official content and
the books that will be required to get through this exam.

This leads into some more of the “Content Creator” stuff that I want to work on at the same time.

So over the coming months I’m going to be working to provide guides,blogs, posts etc… to really
capture some of the common tools, processes and such for others to try to do the similar things. There
are two reasons for this, one to drive the material home for myself and others, and to improve my
writing for less technical and/or more managerial personalities. I’ve always struggled to do this both in
conversation and written, so this will truly be beneficial, although probably pretty rough at first.

I’m not going to really touch on OSCP quite yet since that is my secondary target and, in theory, should
be pretty simple once I get through GXPN. From what I gathered from a few videos, TCMs content,
OffSec Content, and popping a lot of boxes should get me through the technical aspects. To be clear
this isn’t to diminish the difficulty of OSCP, but how I understand the exam to be with regards to the
preparation I will be putting in for GXPN already. Assuming my budget remains intact, I want to get
OffSec’s Unlimited subscription towards Halloween to carry me through 2025s goal of having 3
OffSec certs. I’m sure I will have some thoughts between now and then about it, but I don’t plan to
explicitly do a “How I prepare for OSCP” until around that time.
I believe I have touched on the how and why, but I’m interested to hear thoughts about my thought
process. Are these realistic expectations? Has anybody done this certification path before? Anybody
have recommendations for GXPN, content is pretty slim for this exam?

Till Next Time.

Category
Career
Certification
Non-Technical
Popular Post
GXPN and OSCP - Why that order?
Subscribe
Leave a Comment
First Name*
Last Name
Email*
Website
Comment*

https://github.com/guyinatuxedo/nightmare

Product
Solutions
Open Source
Enterprise
Pricing

Search or jump to...

Sign in
Sign up
@guyinatuxedo guyinatuxedo
Overview
Repositories
39
Projects
Packages
Stars
11
@guyinatuxedo guyinatuxedo
View guyinatuxedo's full-sized avatar
guyinatuxedo
guyinatuxedo
I write code, break code, and do things,
395 followers · 14 following
Achievements
Achievement: Starstruckx3
Achievement: Arctic Code Vault Contributor
Achievement: Pull Shark
BetaSend feedback
Pinned
Shogun Public
C 36 4

nightmare Public
Python 2.5k 402

remenissions Public
Python 148 21

ctf Public
Python 105 23

dawn-guard Public
A bunch of CCDC docs

7 5

elf_docs Public
5

164 contributions in the last year

Contribution Graph
Day of Week JuneJun JulyJul AugustAug SeptemberSep OctoberOct NovemberNov
DecemberDec JanuaryJan FebruaryFeb MarchMar AprilApr MayMay
JuneJun
SundaySun

MondayMon

TuesdayTue

WednesdayWed

ThursdayThu
FridayFri

SaturdaySat

Learn how we count contributions

Less
No contributions.
Low contributions.
Medium-low contributions.
Medium-high contributions.
High contributions.
More
2024
2023
2022
2021
2020
2019
2018
2017
2016
Contribution activity
June 2024
3 contributions in private repositoriesJun 2
Seeing something unexpected? Take a look at the GitHub profile guide.

Footer
© 2024 GitHub, Inc.
Footer navigation
Terms
Privacy
Security
Status
Docs
Contact
Manage cookies
Do not share my personal information
 Blas bkojusner
(Reverse & Vulnerability) Engineer || Kernel Sanders @ v0ldemort
Google + Mandiant University of Florida

@owenflannagan Owen Flannagan owenflannagan

@christian108108 christian108108
@daannx danx daannx
@chtzvt Charlton Trezevant chtzvt
Voted "huge birds guy". Jazz man. Software therapist. Co-founder @TampaDevs. CTO @packfiles.
@Packfiles Tampa, Florida

@mjpoulsen MPoulsen mjpoulsen

Likes to tap buttons and make programs.
@alexcote1 ALEXANDER MA COTE alexcote1
@zeroBitOfDiff zeroBit zeroBitOfDiff
Just spreading happy little mistakes wherever I go
@sp0oks Gabriel Alves sp0oks
São Carlos, São Paulo, Brazil

@Albocoder Erin Avllazagaj Albocoder

Malware researcher, PhD student and GradResearchAssistant at UMD
PhD Student, UMD Linux kernel

@bvolpato Bruno Volpato bvolpato

SWE
@Datadog New York, NY

@trietptm Minh-Triet Pham Tran trietptm

APT Hunter, Threat Hunter, Incident Responder, Forensics Analyst, Information Security Consultant,
Red Teamer (Network+System views)
TRIETPTM INFOSEC Vietnam

@monik3r monik3r
United States

@kablaa kablaa
@Hack-My-World Orlando, FL