Use this quick start guide to collect all the information about GIAC GXPN Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certification exam.
The GIAC GXPN certification is mainly targeted to those candidates who want to build their career in Offensive Operations, Pen Testing, and Red Teaming domain. The GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GXPN.
GIAC GXPN Exam Summary:
| Exam Name | GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) |
| Exam Code | GXPN |
| Exam Price | $979 (USD) |
| Duration | 180 mins |
| Number of Questions | 60 |
| Passing Score | 67% |
| Books / Training | SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking |
| Schedule Exam | Pearson VUE |
| Sample Questions | GIAC GXPN Sample Questions |
| Practice Exam | GIAC GXPN Certification Practice Exam |
GIAC GXPN Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Accessing the Network | - The candidate will demonstrate an understanding of how to bypass network access control systems. |
| Advanced Fuzzing Techniques | - The candidate will be able to develop custom fuzzing test sequences using the Sulley framework, measure code coverage in fuzzing, identify the limitations of fuzzing, and identify ways to improve a fuzzer. |
| Advanced Stack Smashing | - The candidate will demonstrate an understanding of how to write advanced stack overflow exploits against canary-protected programs and ASLR. |
| Client Exploitation and Escape | - The candidate will demonstrate an understanding of bypassing or exploiting restricted Windows or Linux client environments, and exploiting or interacting with client environments using tools like Powershell. |
| Crypto for Pen Testers | - The candidate will be able to attack and exploit common weaknesses in cryptographic implementations. |
| Exploiting the Network | - The candidate will demonstrate an understanding of how to exploit common vulnerabilities in modern networks attacking client systems and common network protocols. |
| Fuzzing Introduction and Operation | - The candidate will demonstrate an understanding of the benefits and practical application of protocol fuzzing to identify flaws in target software systems. |
| Introduction to Memory and Dynamic Linux Memory | - The candidate will demonstrate a basic understanding of X86 processor architecture, Linux memory management, assembly and the linking and loading process. |
| Introduction to Windows Exploitation | - The candidate will demonstrate an understanding of Windows constructs required for exploitation and the most common OS and Compile-Time Controls. |
| Manipulating the Network | - The candidate will demonstrate an understanding of how to manipulate common network systems to gain escalated privileges and the opportunity to exploit systems. |
| Python and Scapy For Pen Testers | - The candidate will demonstrate an understanding of the ability to read and modify Python scripts and packet crafting using Scapy to enhance functionality as required during a penetration test. |
| Shellcode | - The candidate will demonstrate the ability to write shellcode on the Linux operating system, and demonstrate an understanding of the Windows shellcode methodology. |
| Smashing the Stack | - The candidate will demonstrate an understanding of how to write basic exploits against stack overflow vulnerabilities. |
| Windows Overflows | - The candidate will demonstrate an understanding of how to exploit Windows vulnerabilities on the stack, and bypass memory protections. |
To ensure success in GIAC GXPN certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) exam.