LER.me

Make All Learning Count.

Get Connected

  • What is a LER?
  • FAQs (opens in new tab)
  • Partner with Us
  • Visit EBSCOed (opens in new tab)

View our Policies

  • Accessibility (opens in new tab)
  • Standards (opens in new tab)
  • Terms of Use (opens in new tab)
  • Privacy Policy (opens in new tab)
  • Opt out (opens in new tab)

Get the app

Get it on Google PlayDownload on the App Store

© 2026 All rights reserved.

Powered by EBSCOed

Skip to main contentSkip to footer
  • Live Data
My LER
My LER
  1. Programs
  3. GIAC Penetration Tester (GPEN)

GIAC Penetration Tester (GPEN)

GIAC

Certification

Become a contributor for free to openly demonstrate student outcomes, industry alignment & eligibility criteria.

The GIAC Penetration Tester (GPEN) certification validates a practitioner's ability to properly conduct a penetration test using best-practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits, engage in detailed environmental reconnaissance, and utilize a process-oriented approach to penetration testing projects.

Format

Hybrid

Eligibility Calculator

Which aid programs apply to this program?

Record QualityEligibility Calculators
Loading Skills & Competencies
Program Pathways

Credentials this program stacks toward

No program pathways.

Loading What You'll Learn
Program Details

Detailed information about this program

Areas Covered - Comprehensive Pen Test Planning, Scoping, and Reconnaissance - In-Depth Scanning and Exploitation, Post-Exploitation, and Pivoting - In-Depth Password Attacks and Azure Overview, Integration, and Attacks Who is GPEN for? - Security personnel responsible for assessing network and systems - Penetration testers - Ethical hackers - Red Team members - Blue Team members - Defenders, auditors, and forensic specialists who want to better understand offensive tactics GPEN with CyberLive GIAC knows that cyber security professionals need: - Discipline-specific certifications - Practical testing that validates their knowledge and hands-on skills In response to this industry-wide need, GIAC developed CyberLive - hands-on, real-world practical testing. CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using: - Actual programs - Actual code - Virtual machines Candidates are asked practical questions that require performance of real-world-like tasks that mimic specialized job roles. Exam Format 1 proctored exam 82 questions 3 hours Minimum passing score of 73% Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GPEN exam has been determined to be 73% for all candidates receiving access to their certification attempts on or after July 12th, 2025. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts. Delivery NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information. GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Requirements

What you need to earn this credential

No requirements listed.

Financial Aid

Eligible funding programs

No funding information available.

Scholarships

No scholarships listed.

Visit Program Website
Locations

Where this program is offered

No locations specified.

Loading Student Outcomes
Related Programs

Programs related to this one

No related programs.

Skills & Competencies

Skills developed through this program

  • Use advanced methods to attack password hashes and authenticate
  • Obtain and attack password hashes and other password representations
  • Understand Azure applications and the attacks against them including federated and single sign-on environments and Azure AD authentication protocols
  • Understand Entra ID implementation fundamentals, common Entra ID attacks, and Azure authentication techniques
  • Understand the design, application, and use of Command and Control (C2) and common C2 frameworks
  • Understand common Windows privilege escalation attacks and Kerberos attack techniques used to consolidate and persist administrative access to Active Directory
Career Pathways

Occupations this program prepares you for

  • Penetration Testers15-1299.04
What You'll Learn

Key competencies developed through this program

Auto-populated·from NSX Competency Framework

Mastery: developing (Level 2)(based on Certification)

  • Multi-phase penetration testing methodologies — execute with reduced oversight across network, web application, and social engineering test vectors in client environments.
  • Exploitation frameworks such as Metasploit and custom scripts — deploy independently to validate discovered vulnerabilities and demonstrate proof-of-concept exploits.
  • Operating system and application server software — analyze configurations and misconfigurations to identify privilege escalation paths on enterprise infrastructure.
  • Complex problem-solving techniques — apply when encountering non-standard defenses or unexpected system behaviors during live penetration engagements.
  • Intermediate-level assessment reports — author with clear technical narratives, risk ratings, and remediation recommendations for both IT staff and business stakeholders.
  • Database management system software — test for authentication bypass, privilege abuse, and data exposure vulnerabilities in routine client database assessments.
  • Cloud-based management software and infrastructure — assess for misconfigured permissions, exposed storage buckets, and insecure API endpoints in cloud tenancy reviews.
  • Staff and end users reporting security incidents — assist in troubleshooting and correlating symptoms to identify whether issues stem from active compromise or system malfunction.
  • Object-oriented and scripting development environments — write and adapt exploit proof-of-concept code to validate specific vulnerability classes in target applications.
  • Inductive reasoning and pattern recognition — apply across multiple client engagements to identify recurring vulnerability trends and refine testing efficiency.

Some details on this page are auto-populated from public workforce data sources: O*NET (opens in new tab), BLS (opens in new tab), College Scorecard (opens in new tab), DOL Training Provider Results (opens in new tab), NSX (opens in new tab). Provided in partnership with LER.me Career Intelligence.

Student Outcomes

Performance metrics for this program

Completion Rate
Not reported
Placement Rate
Not reported