SEC660/GXPN Review And Its Comparison With OSED
说起来,已经挺久没有写关于培训课程与认证的心得了,即便是通过Hi OSCE3folks, 之后。在过去几天,我通过了it's been quite a while since I last wrote review on training courses and certifications, even after passing OSCE3. In the past few days, I passed the GXPN exam, which is the certification exam of the SEC660 课程所对应的认证course. GXPNSince 的考试,因为我也是第一次接触this was my first experience with a SANS 的课程与course and a GIAC 的认证,因此发表一些心得与感受,以及与certification, OSEDI 的对比。wanted to share some thoughts and impressions, as well as a comparison with OSED.
课程基本信息About The Course
SEC660 (https://www.sans.org/cyber-security-courses/advanced-penetration-testing-exploits-ethical-hacking/)是 SANSis 提供的高级渗透测试以及漏洞利用开发方向的课程,而an advanced penetration testing and exploit development course offered by SANS, while GXPN (https://www.giac.org/certifications/exploit-researcher-advanced-penetration-tester-gxpn/) 是is the certification provided by GIAC 提供的针对specifically for the SEC660 课程的认证。course.
价格Price
不包括考试凭证,单课程本身就The 8500+course 美元,而考试凭证alone, 979without 美元。课程加上考试凭证,最终总计接近the 10000exam 美元,十分感谢单位的报销,如果是个人购买,绝对不推荐的。voucher, costs over $8,500, and the exam voucher is $979. Altogether, the course and exam total nearly $10,000. I’m extremely grateful for my employer’s reimbursement—this would definitely not be recommended for individual purchase.
课程形式Course Format
根据排期现场上课,或者根据自己节奏自学,但价格几乎一致。报名后,You can either attend in-person classes according to the schedule or study at your own pace, but the price is nearly the same. After enrolling, SANS 会邮寄超过will 1200send 页的纸质教材,可以从网上下载over 1,200 pages of printed materials, provide access to download the PDF 版本教材,访问在线version, Lab,下载可本地部署的access the online labs, and download locally deployable VM 镜像等。我选择的是根据自己节奏自学,但现在看来会觉得现场上课更有氛围感。教材与images. LabI 资源可以访问opted for self-paced learning, but in hindsight, I feel that attending in-person classes would have provided a better atmosphere. The course materials and lab resources are accessible for 4 个月。months.
知识领域Covered Topics
课程覆盖的知识领域还是很宽广的,内容很充足,量大管饱。有对网络协议的攻击与渗透,密码学攻击,The course covers a wide range of knowledge areas, with rich and substantial content. It includes attacks and penetration on network protocols, cryptographic attacks, post-exploitation on Windows/LinuxLinux, 后利用,限制性环境逃逸,基于escaping Pythonrestrictive 的渗透工具开发environments, ,FUZZdeveloping 测试,Python-based penetration tools, fuzz testing, PE 与and ELF 文件格式,32位file formats, writing 32-bit shellcode for Linux 与and Windows, Linux 32-bit buffer overflows and protection bypasses (NX, ASLR, Canary, etc.), Linux 64-bit buffer overflows (though this section is brief), and Windows 的32-bit shellcode编写,Linuxbuffer 32overflows 位缓冲区溢出以及防护绕过(NX,ASLR,Canary等),Linuxand 64protection 位缓冲区溢出(篇幅不长),Windowsbypasses 32 位缓冲区溢出以及防护绕过(SEH,DEP等 DEP, etc.). 等。总的来说,主要是围绕着高级渗透测试与漏洞利用开发领域。Overall, the course focuses primarily on advanced penetration testing and exploit development.
考试基本信息About The Exam
上文所说,课程本身不包括考试凭证,如果想要获得认证,需要额外购买考试凭证,通过后方可获得As mentioned earlier, the course itself does not include the exam voucher. If you want to obtain the certification, you need to purchase the exam voucher separately. After passing the exam, you will receive the GXPN 认证。接下来,在不泄露具体考题的情况下说一下考试的相关事项。certification. Now, without revealing specific exam questions, let’s discuss some relevant details about the exam.
考试预约Exam Reservation
可以去线下的考试中心参与考试,或者在家使用特定的监考软件进行。这次,我选择的后者,但体验很令人失望和沮丧。同样是有监考的考试,You can take the exam at an exam center or at home using specific proctoring software. I chose the latter this time, but the experience was disappointing and frustrating. Even though it was a proctored exam, the GXPN 的考试体验比exam Offsecexperience 的考试体验还差得多。我觉得这次负面体验主要源于不够专业和熟练的监考官,他让考生注册阶段维持了接近一个小时。除此之外,还有was much worse than Offsec’s. I believe the negative experience was mainly due to the unprofessional and inexperienced proctor. The registration process alone took nearly an hour.
In addition, when I had 5 题结束考试的时候,在我自家网络没有问题的情况下,我遭遇了考试连接问题,被迫进行了第questions 2left 次考生注册,第二个监考官也不是很熟练和专业,相同且无用的操作进行了多次。to complete the exam, I encountered connectivity issues despite my home internet being stable. This forced me to go through the registration process a second time. The second proctor was also not very experienced, and they repeated the same ineffective procedures multiple times, which made the situation even more frustrating.
考试形式Exam Format
考试包含The exam consists of 60 题单选题,其中multiple-choice questions, with 55 题根据题目描述进行选择,questions requiring selections based on the given descriptions and 5 题在网页端访问的questions being hands-on tasks. For the hands-on questions, you perform actions in a VM 上操作并得到要求的信息后进行选择,即操作题。虽然考试是选择题的形式,但实操性以及对课程内容的理解程度要求还是挺高的。我本想着这是选择题形式的考试,一开始有些轻视,但实际做起来发现有些汗流浃背。最后accessed via the web interface and select the correct answer based on the information obtained.
Although the exam is in multiple-choice format, it requires a high level of practical skills and a deep understanding of the course material. Initially, I underestimated the exam, thinking it would be straightforward due to the format, but once I started, I found myself sweating a bit. The final 5 题操作题不难,不需要像hands-on questions were not particularly difficult, and unlike the OSED 那样写完整利用过程和一键脚本。exam, they didn’t require writing out a full exploit chain or an automated script.
考试是开卷考试,但只能查阅携带的书本和纸面笔记,不能使用手机或者网页搜索等方式查询资料。大部分题目的答案可以在书中找到,所以一定要快速分析题目的考察知识点,以及出自教材的位置。题目的陷阱和兔子洞挺多,比较棘手,且没有很多能一眼看出答案的送分题。The exam is open book, but you are only allowed to refer to the books and paper notes you bring. You cannot use a phone, web searches, or any other online resources. Most of the answers can be found in the course materials, so it's crucial to quickly analyze the key concepts being tested and locate the relevant information in the textbooks. The questions contain plenty of traps and rabbit holes, making them quite tricky, and there aren’t many straightforward, easy points where you can immediately identify the correct answer.
The exam duration is 3 hours, which is more than enough time. In both the two practice tests and the final exam, I finished in about 1.5 hours.
过关标准Passing Standard
考试得分To pass the exam, you need a score of 67%, 过关,即答对meaning 2/3you 的题目,考完就知道是否通过。在下文提到的模拟练习中,解答完一道题目就知道是否正确,但考试不会暗示你回答的正确与否。must answer two-thirds of the questions correctly. After finishing the exam, you’ll immediately know whether you passed. In the practice tests mentioned below, you get feedback on whether your answers are correct after each question, but in the actual exam, there is no indication of whether your answers are right or wrong.
模拟题Practice Test
购买考试凭证附赠When 2you 套模拟练习,除了没有监考,以及实时告知考生解答的正确与否,其他与考试一模一样。这purchase 2the 次模拟练习可能会有重合的题目,均来自于题库,所以做完这exam 2voucher, 套后不建议额外购买模拟练习机会。官方声称模拟题中的题目不会出现在考试里,严格来说确实没有,但有不少解题思路一致但仅有数字不同的题目,所以做完it 2includes 套模拟练习对考试肯定有帮助。至于难度,也是差不多。我的考试成绩介于two 2practice 次模拟练习的成绩之间。tests. Apart from the lack of proctoring and the immediate feedback on whether your answers are correct, the practice tests are identical to the real exam. These two practice tests may contain overlapping questions, as they both come from the same question pool. Therefore, after completing the two practice tests, it's not recommended to purchase additional practice tests.
需要注意的是,模拟练习做完之后无法查看与回顾错题,所以遇到错题之后需要立即记录自己失误和薄弱的地方。While the official statement says that the questions from the practice tests won’t appear in the actual exam, strictly speaking, this is true. However, there are quite a few questions that follow the same logic, with only different numbers. So, completing the two practice tests is definitely helpful for the actual exam. In terms of difficulty, they are similar. My exam score ended up being between my two practice test scores.
One important note: After finishing the practice tests, you won’t be able to review the incorrect questions, so it’s crucial to immediately record any mistakes or areas of weakness as you go through the practice tests.
与Comparison with OSED 对比
SECAlthough 660SEC660 虽然包含了漏洞利用开发方向,但覆盖知识不止于此。不过为了公平对比,这里只讨论就漏洞利用开发方向。includes exploit development, its scope extends beyond that. However, to make a fair comparison, I will focus only on the exploit development aspect.
SECSEC660 660covers 比a broader range of topics compared to OSED, such as Linux 32-bit shellcoding, buffer overflows on Linux, the ELF file format, and more. However, OSED 包括的内容更宽广,例如dives Linuxdeeper 32into 位the shellcoding,Linuxcase 下的缓冲区溢出,elfstudies 文件格式等。但of vulnerabilities, and the challenges are more difficult. In terms of the exam, OSED 在漏洞的案例的研究上更加深入,难度也更高。考试的话,也是is OSEDalso 更难。如果已经通过了more OSED,再去学习challenging.
If you have already passed OSED, studying SEC660 会比较轻松,或者说提升比较有限。would be relatively easy. But at the same time, improvement in your skillset would be limited.
个人评价Final Review
因为我在学习Since I had already passed OSEP and OSED before studying SEC660, I found SEC660 之前已经通过了relatively OSEPeasy, 与but OSED,所以学习this SEC660also 课程还是比较轻松的,但这也意味着提升比较有限。我之前以为meant that my improvement was somewhat limited. I initially thought that GXPN 会包含would 64cover 位的64-bit Windows 缓冲区溢出,以及对buffer overflows and bypass techniques beyond SEH/DEP/ASLRASLR, 之外的保护绕过技术,但实际上并没有涉及。以下是个人认为的优点与缺点。but these were not included. Below are the pros and cons based on my personal experience.
优点Pros
1.
- Aside from the cost-effectiveness, the content and quality of SEC660
的内容和品质真的很不错,讲解详细,内容量大管饱。2.are知识比较全面,而且就漏洞利用开发方向,比excellent.OSEDThe更广。3.explanations这门课程不是面对新手的,或者说参与这门课的老手多多少少已经有过are detailed, and there’s a large amount of material to absorb. - The knowledge is comprehensive, and in the area of exploit development, it covers more ground than OSED.
- This course isn’t for beginners; most participants likely have some CTF
经历。但如果先前没有CTF经历,学完这门课能直接上手一些方向。experience. However, if you do not have prior CTF experience, completing this course will give you hands-on knowledge in various areas.
缺点Cons
1.
- Some
就居家考试的体验而言,非常非常非常差。如果有下次,我还是去考试中心参加考试好了。of the content is somewhat outdated or not frequently used in real-world work. - The at-home exam experience was extremely poor. If I were to take it again, I’d definitely opt to take the exam at an exam center instead.