Areas Covered
- Network Attacks, Cryptography, and Restricted Environments
- Python, Scapy, and Fuzzing
- Exploiting Windows and Linux for Penetration Testers
Who is GXPN for?
- Network Penetration Testers
- Systems Penetration Testers
- Incident Handlers
- Application Developers
- IDS Engineers
- Security personnel responsible for assessing target networks, systems and applications to find vulnerabilities
GXPN with CyberLive
GIAC knows that cyber security professionals need:
- Discipline-specific certifications
- Practical testing that validates their knowledge and hands-on skills
In response to this industry-wide need, GIAC developed CyberLive - hands-on, real-world practical testing.
CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:
- Actual programs
- Actual code
- Virtual machines
Candidates are asked practical questions that require performance of real-world-like tasks that mimic specialized job roles.
Exam Format
- 1 proctored exam
- 60 questions
- 3 hours
- Minimum passing score of 67%
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Accessing the Network The candidate will demonstrate an understanding of how to bypass network access control systems.
- Advanced Fuzzing Techniques The candidate will be able to develop custom fuzzing test sequences using the Sulley framework, measure code coverage in fuzzing, identify the limitations of fuzzing, and identify ways to improve a fuzzer.
- Advanced Stack Smashing The candidate will demonstrate an understanding of how to write advanced stack overflow exploits against canary-protected programs and ASLR.
- Client Exploitation and Escape The candidate will demonstrate an understanding of bypassing or exploiting restricted Windows or Linux client environments, and exploiting or interacting with client environments using tools like Powershell.
- Crypto for Pen Testers The candidate will be able to attack and exploit common weaknesses in cryptographic implementations.
- Exploiting the Network The candidate will demonstrate an understanding of how to exploit common vulnerabilities in modern networks attacking client systems and common network protocols.
- Fuzzing Introduction and Operation The candidate will demonstrate an understanding of the benefits and practical application of protocol fuzzing to identify flaws in target software systems.
- Introduction to Memory and Dynamic Linux Memory The candidate will demonstrate a basic understanding of X86 processor architecture, Linux memory management, assembly and the linking and loading process.
- Introduction to Windows Exploitation The candidate will demonstrate an understanding of Windows constructs required for exploitation and the most common OS and Compile-Time Controls.
- Manipulating the Network The candidate will demonstrate an understanding of how to manipulate common network systems to gain escalated privileges and the opportunity to exploit systems.
- Python and Scapy For Pen Testers The candidate will demonstrate an understanding of the ability to read and modify Python scripts and packet crafting using Scapy to enhance functionality as required during a penetration test.
- Shellcode The candidate will demonstrate the ability to write shellcode on the Linux operating system, and demonstrate an understanding of the Windows shellcode methodology.
- Smashing the Stack The candidate will demonstrate an understanding of how to write basic exploits against stack overflow vulnerabilities.
- Windows Overflows The candidate will demonstrate an understanding of how to exploit Windows vulnerabilities on the stack, and bypass memory protections.
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self paced study through another program or materials may meet the needs for mastery.
- Get information about the procedure to contest exam results.
Practice Tests
- These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
- Practice exams are a gauge to determine if your preparation methods are sufficient.
- The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
- Practice exams never include actual exam questions.
- Purchase a GXPN practice test here.
- GIAC recommends leveraging additional study methods for test preparation.
