Use this quick start guide to collect all the information about GIAC GXPN Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification exam.
The GIAC GXPN certification is mainly targeted to those candidates who want to build their career in Offensive Operations domain. The GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GXPN.
GIAC GXPN Exam Summary:
| Exam Name | GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) |
| Exam Code | GXPN |
| Exam Price | $999 (USD) |
| Duration | 180 mins |
| Number of Questions | 60 |
| Passing Score | 67% |
| Books / Training | SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking |
| Schedule Exam | GIAC |
| Sample Questions | GIAC GXPN Sample Questions |
| Practice Exam | GIAC GXPN Certification Practice Exam |
GIAC GXPN Exam Syllabus Topics:
| Topic | Details |
|---|---|
|
Bypassing Linux Exploit Mitigations
|
- The candidate will be able to identify Linux stack protections and recognize how to bypass them. |
|
Bypassing Windows Memory Protections
|
- The candidate will be able to identify Windows stack protections and describe how to bypass them. |
| Endpoint Control Evasions and Escalation | The candidate will be able to apply an array of techniques to bypass and break out of common endpoint protections and restrictions. |
| Establishing Network Access | - The candidate will demonstrate knowledge in enumeration and bypass of common network access controls used to obtain initial connectivity. |
| Infrastructure Manipulation and Exploitation | - The candidate will demonstrate an understanding of how routing and traffic control can be influenced to exploit networks. |
|
Linux Execution, Memory, and Shellcode Foundations
|
- The candidate will be able to describe Linux memory organization and management fundamentals, low-level Linux binary execution, and how to leverage this information with shell code. |
|
Network Interception and Traffic Manipulation
|
- The candidate will be able to describe the process of intercepting, observing, and altering traffic flows. |
|
Practical Cryptography
|
- The candidate will be able to identify issues in cryptographic implementations and different ways to exploit those implementations. |
| Practical Scripting for Offensive Operations | - The candidate will be able to create new, and adapt existing, small objective-focused, scripts. |
| Product Security Testing and Fuzzing Foundations | - The candidate will be able to build fuzzing grammars and know when and how to use them. |
|
Return Oriented Stack-Based Exploits
|
- The candidate will be able to create simple return-oriented chains to achieve execution. |
|
Source Code Based Fuzzing Techniques
|
- The candidate will be able to demonstrate the use of available source code to improve fuzzing efficiency and ensure greater code coverage. |
| Windows Execution and Memory Foundations | - The candidate will be able to describe the low-level Windows execution process as well as run-time and execution-time protections. |
|
Windows Overflows and Execution Control
|
- The candidate will be able to demonstrate how execution control can be gained by leveraging internal Windows mechanisms, such as structured exception handling. |
To ensure success in GIAC GXPN certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) exam.