Certification: GXPN

Certification:

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

See the GIAC website for additional details on the GXPN certification.

Exam Certification Objectives
Objectives Objective Outcome Statement
Accessing the Network The candidate will demonstrate an understanding of how to bypass network access control systems.
Advanced Fuzzing Techniques The candidate will be able to develop custom fuzzing test sequences using the Sulley framework.
Advanced Stack Smashing The candidate will demonstrate an understanding of how to write advanced stack overflow exploits against canary-protected programs and ASLR.
Crypto for Pen Testers The candidate will be able to attack and exploit common weaknesses in cryptographic implementations.
Escaping Restricted Environments The candidate will demonstrate an understanding of restricted environments in Linux and Windows, Desktop restriction techniques, as well as tools and techniques for bypassing them.
Exploiting the Network The candidate will demonstrate an understanding of how to exploit common vulnerabilities in modern networks attacking client systems and common network protocols.
Fuzzing Introduction and Operation The candidate will demonstrate an understanding of the benefits and practical application of protocol fuzzing to identify flaws in target software systems.
Introduction to Memory and Dynamic Linux Memory The candidate will demonstrate a basic understanding of X86 processor architecture, Linux memory management, assembly and the linking and loading process.
Introduction to Windows Exploitation The candidate will demonstrate an understanding of Windows constructs required for exploitation and the most common OS and Compile-Time Controls.
Manipulating the Network The candidate will demonstrate an understanding of how to manipulate common network systems to gain escalated privileges and the opportunity to exploit systems.
Network Boot Attacks The candidate will be able to attack and exploit common weaknesses in network boot environments, including DHCP, BOOTP, and PXE.
Python and Scapy For Pen Testers The candidate will demonstrate an understanding of the ability to read and modify Python scripts and packet crafting using Scapy to enhance functionality as required during a penetration test.
Shellcode The candidate will demonstrate the ability to write shellcode on the Linux operating system, and demonstrate an understanding of the Windows shellcode methodology.
Smashing the Stack The candidate will demonstrate an understanding of how to write basic exploits against stack overflow vulnerabilities.
Windows Overflows The candidate will demonstrate an understanding of how to exploit Windows vulnerabilities on the stack, and bypass memory protections.