Certification: GXPN

Certification:

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Target

Security personnel whose job duties involve assessing target networks, systems and applications to find vulnerabilities. The GXPN certifies that candidates have the knowledge, skills, and ability to conduct advanced penetration tests, how to model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws.

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Requirements

  • 1 proctored exam
  • 75 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 66%

Renew

Certifications must be renewed every 4 years. Click here for details.

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.

Links


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Accessing the Network
The candidate will demonstrate an understanding of how to bypass network access control systems.
Advanced Fuzzing Techniques
The candidate will be able to develop custom fuzzing test sequences using the Sulley framework.
Advanced Stack Smashing
The candidate will demonstrate an understanding of how to write advanced stack overflow exploits against canary-protected programs and ASLR.
Crypto for Pen Testers
The candidate will be able to attack and exploit common weaknesses in cryptographic implementations.
Escaping Restricted Environments
The candidate will demonstrate an understanding of restricted environments in Linux and Windows, Desktop restriction techniques, as well as tools and techniques for bypassing them.
Exploiting the Network
The candidate will demonstrate an understanding of how to exploit common vulnerabilities in modern networks attacking client systems and common network protocols.
Fuzzing Introduction and Operation
The candidate will demonstrate an understanding of the benefits and practical application of protocol fuzzing to identify flaws in target software systems.
Introduction to Memory and Dynamic Linux Memory
The candidate will demonstrate a basic understanding of X86 processor architecture, Linux memory management, assembly and the linking and loading process.
Introduction to Windows Exploitation
The candidate will demonstrate an understanding of Windows constructs required for exploitation and the most common OS and Compile-Time Controls.
Manipulating the Network
The candidate will demonstrate an understanding of how to manipulate common network systems to gain escalated privileges and the opportunity to exploit systems.
Network Boot Attacks
The candidate will be able to attack and exploit common weaknesses in network boot environments, including DHCP, BOOTP, and PXE.
Python and Scapy For Pen Testers
The candidate will demonstrate an understanding of the ability to read and modify Python scripts and packet crafting using Scapy to enhance functionality as required during a penetration test.
Shellcode
The candidate will demonstrate the ability to write shellcode on the Linux operating system, and demonstrate an understanding of the Windows shellcode methodology.
Smashing the Stack
The candidate will demonstrate an understanding of how to write basic exploits against stack overflow vulnerabilities.
Windows Overflows
The candidate will demonstrate an understanding of how to exploit Windows vulnerabilities on the stack, and bypass memory protections.

Where to Get Help

Training is available from a variety of resources including on line, course attendance at a live conference, and self study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.