GIAC Penetration Tester-GPEN Certification Training Course Overview

This certification course will validate a practitioner ability to properly conduct a penetration test, using best practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits and engage in detailed reconnaissance, as well as utilize a process-oriented approach to penetration testing projects

The following topics will be majorly covered:

  • Comprehensive Pen Test Planning, Scoping, and Recon
  • In-Depth Scanning and Exploitation, Post-Exploitation, and Pivoting
  • In-Depth Password Attacks and Web App Pen Testing


  • Security personnel responsible for assessing networks and systems to find and remediate vulnerabilities
  • Penetration testers
  • Ethical hackers
  • Red Team members
  • Defenders, auditors, and forensic specialists who want to better understand offensive tactics

GIAC Penetration Tester-GPEN (40 Hours) Download Course Contents

Course Details Schedule
Live Virtual Classroom (Instructor-Led)

Fee : 1,500 (Includes Taxes) 
9 AM - 5 PM (Flexible Time Slots for 4 hours option)

8 Hours/Day
8 Hours/Day
8 Hours/Day
Client's Location
As per mutual convenience

Classroom training is available in select Cities

Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request

Special Solutions for Corporate Clients! Click here

Hire Our Trainers! Click here

Request More Information

Course Prerequisites

  • Attendees are expected to have a working knowledge of TCP/IP.
  • Knowledge to understand the differences between cryptographic routines such as DES, AES, and MD5.
  • Basic knowledge of the Windows and Linux command lines

Upon completion of this course, you will be able to accomplish the following:

  • Developing a tailored scoping and rules of engagement for penetration testing projects and to ensure the work is focused, well defined, and conducted in a safe manner
  • Knowing of how to conduct detailed reconnaissance using document metadata, search engines, and other publicly available information sources to build a technical and organizational understanding of the target environment
  • Utilizing the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting, and version scanning to develop a map of target environments
  • Knowing how to identify and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
  • Configuration and launching of the Nessus vulnerability scanner so it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customize the output from such tools to represent the business risk to the organization
  • Knowing of how to analyse the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools
  • Usage of the Windows and Linux command lines to plunder target systems for vital information help determine business risks
  • Configuring the Metasploit exploitation tool to scan, exploit, and then pivot through a target environment in-depth
  • To generate a comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking, and pass-the-hash attacks
  • Launching the web application vulnerability scanners such as ZAP and then manually exploit Cross-Site Request Forgery, Cross-Site Scripting, Command Injection, and SQL injection attacks to determine the business risks faced by an organization