
GIAC GPEN Study Roadmap

GPEN · 12-week plan · Free

Last updated: March 30, 2026


Domain Weight Distribution

D1: Planning & Scoping (15%)
D2: Reconnaissance (15%)
D3: Scanning & Enumeration (20%)
D4: Exploitation (25%)
D5: Post-Exploitation & Pivoting (15%)
D6: Reporting & Remediation (10%)

Week-by-Week Study Plan

Week 1

Domain 1: Planning & scoping — Rules of engagement, legal considerations, methodologies

Week 2

Domain 2: Reconnaissance — OSINT, DNS recon, Google dorking, Shodan, attack surface mapping

Week 3

Domain 3: Scanning — Nmap advanced techniques, host discovery, service enumeration

Week 4

Domain 3: Enumeration — SMB, SNMP, web apps, vulnerability scanning, network mapping

Week 5

Domain 4: Exploitation — Metasploit, buffer overflows, service exploitation

Week 6

Domain 4: Web exploitation — SQL injection, XSS, authentication bypass, web shells

Week 7

Domain 4: Password & wireless — Brute force, hash cracking, WPA attacks, client-side

Week 8

Domain 5: Post-exploitation — Windows/Linux privilege escalation techniques

Week 9

Domain 5: Pivoting — Lateral movement, port forwarding, tunneling, AD attacks

Week 10

Domain 6: Reporting — Report writing, risk ratings, remediation recommendations

Week 11

Index Building: Create an open-book index for exam day, organize notes by topic

Week 12

Full Review: Practice exams, index refinement, weak areas, exam logistics

Free Resources

SANS Reading Room
