Professional Documents
Culture Documents
Monik 3 R
Monik 3 R
Home Blog
GET STARTED
Certification, Career, Non-Technical
GXPN and OSCP - Why that order?
By
- Shawn Stephens, May 17, 2024
As I described the other day I am planning to knock out both GXPN and OSCP by the end of the year
ideally. Now I suppose I’ll explain the Why and how I’m tackling these.
For those not familiar with the two certs, GXPN is the GIAC Exploit Researcher and Advanced
Penetration Tester certification, which tracks to SANS 660, where the OSCP is the Offensive Security
Certified Professional and tracks to their Pen-200 course(for the most part).
So oddly enough I plan to go through GXPN first. Luckily, I am able to utilize the SANS.edu Alumni
benefit since I have a couple of their Graduate Certificates which will knock the cost down a bunch, but
the primary driver for going after GXPN first is simply that most of my other GIAC certs are up for
renewal in the next 1-2 years which I am required to have to remain in compliance with the newer
DOD 8140 requirements. Additionally, I’m really interested in doing some penetration testing in the
future, with the ability to really understand some of the more novel attack vectors that are out there.
So the next couple of weeks I’m going to be spending a lot of time running through TryHackMe and
going through TCM Security’s Practical Ethical Hacking Course to rebuild the foundational hands-on
Pen Testing skills that I have let somewhat lapse over the last couple of years. Additionally, I’ll be
building out my lab to support the type of work that I’ll be getting into.
Furthermore, the plan is to kick off some more of the advanced topics that GXPN requires mid-June
with a Github repo recommended to me for getting started in Vulnerability Research. The expectation
is that by the second week of July I will purchase SANS 660 and get moving with official content and
the books that will be required to get through this exam.
This leads into some more of the “Content Creator” stuff that I want to work on at the same time.
So over the coming months I’m going to be working to provide guides,blogs, posts etc… to really
capture some of the common tools, processes and such for others to try to do the similar things. There
are two reasons for this, one to drive the material home for myself and others, and to improve my
writing for less technical and/or more managerial personalities. I’ve always struggled to do this both in
conversation and written, so this will truly be beneficial, although probably pretty rough at first.
I’m not going to really touch on OSCP quite yet since that is my secondary target and, in theory, should
be pretty simple once I get through GXPN. From what I gathered from a few videos, TCMs content,
OffSec Content, and popping a lot of boxes should get me through the technical aspects. To be clear
this isn’t to diminish the difficulty of OSCP, but how I understand the exam to be with regards to the
preparation I will be putting in for GXPN already. Assuming my budget remains intact, I want to get
OffSec’s Unlimited subscription towards Halloween to carry me through 2025s goal of having 3
OffSec certs. I’m sure I will have some thoughts between now and then about it, but I don’t plan to
explicitly do a “How I prepare for OSCP” until around that time.
I believe I have touched on the how and why, but I’m interested to hear thoughts about my thought
process. Are these realistic expectations? Has anybody done this certification path before? Anybody
have recommendations for GXPN, content is pretty slim for this exam?
Category
Career
Certification
Non-Technical
Popular Post
GXPN and OSCP - Why that order?
Subscribe
Leave a Comment
First Name*
Last Name
Email*
Website
Comment*
https://github.com/guyinatuxedo/nightmare
Product
Solutions
Open Source
Enterprise
Pricing
nightmare Public
Python 2.5k 402
remenissions Public
Python 148 21
ctf Public
Python 105 23
dawn-guard Public
A bunch of CCDC docs
7 5
elf_docs Public
5
MondayMon
TuesdayTue
WednesdayWed
ThursdayThu
FridayFri
SaturdaySat
Footer
© 2024 GitHub, Inc.
Footer navigation
Terms
Privacy
Security
Status
Docs
Contact
Manage cookies
Do not share my personal information
Blas bkojusner
(Reverse & Vulnerability) Engineer || Kernel Sanders @ v0ldemort
Google + Mandiant University of Florida
@monik3r monik3r
United States
@kablaa kablaa
@Hack-My-World Orlando, FL