Pages

Tuesday, July 16, 2013

GXPN - getz!

After the many weeks of crazy after-office hours and weekends, I've finally went for the first attempt and passed the GIAC GXPN http://www.giac.org/certification/exploit-researcher-advanced-penetration-tester-gxpn . It's quite a challenge and probably the hardest examination I've ever took since my computer engineering degree days. For me, I attended Stephen Sim's class (SANS SEC660) and it was the best EVAR. Although things get pretty hairy after day 3, it's totally worth it. And I'm thankful for my company who sponsored the hefty amount. If you're into security, it's like attending a rock concert and get wow-ed at every juncture of the course.

If you decide, however, not to attend SANS SEC660 and do a GIAC attempt, you could do so too. Some tips on preparation can be found @ iPostive's blog: http://ipositivesecurity.blogspot.sg/2012/08/passed-giac-gxpn-exam.html

Btw, GXPN is a 3-hour open book examination and you're allowed to use the course materials. Open-book examinations are usually tougher and kinda applies in this case too. For those who have signed up or intend to attempt the GIAC GXPN in the near future, I've made an index for a quick-flip (trust me - you'll probably need it) and a "time reference" table to help keep track of time since you can only skip 5 questions. http://pastebin.com/wwPVMiqc
Some ways to use it:
1. Use word or some open source office tools to split the page to 3 columns
2. Cut and paste the contents from the pastebin.com link http://pastebin.com/wwPVMiqc
3. Shrink the margin or font to your preference to fit to the number of pages (mine is a 2-page index)
4. You could add/remove more keywords/phrases/toolnames into the index to make it better for your own use.

So what's with the page?
If it says for e.g. Tool X 4.125 - it means Book 4, page 125.
If you want to know how GIAC GXPN is like, you could also goto http://www.pwnag3.com/2012/10/gxpn-review.html to read his/her review.

So what do the candidate need to prepare:

Some tips that helped me:
1. Do the TWO practice exams - they are a good indicator. I got 60% without any book reference. Got a 77% for 2nd practice. And final got a 78%. (Not great, but i'm thankful I've passed. I wished I studied more.)
2. You have to know your basics (nmap, cain rdp mitm, lsa, etc). They are not found in GXPN coursewares and I suspect they are from the SEC560 coursewares. Not too sure about that.
3. You have to know your stuffs really well. Reading is NOT good enough - you'll need to set up your lab environment and spend time working. There's really no shortcut to this - you can't braindump bruteforce your way through this exam.

NOW I AM A FREE BIRD =D Gonna go celebrate a little before returning to my side projects ;)

To the GXPN attempters: Good luck folks!

J.S out.

4 comments:

  1. Hi Jeremy,

    I've just sat and passed to the GXPN today, thanks to your index page! I just wanted to say thanks for your help. I can't say I found the exam easy but some how I managed to achieve 71%.

    If I was to do it again I'd definitely spend a lot more time studying the Cisco topics as well as the Escaping Captive environments. I was initially a little foolish and brushed it off as being a little bit script-kiddy and easy! I quickly learned to regret that decision.

    I'd definitely suggest that anyone attempting the exam is completely comfortable with subjects like IAT/EAT (win) PLT/GOT (linux) and how they feed into exploit development.

    If you have a donation link Jeremy, send it my way as I certainly owe you a beer!

    Dave

    ReplyDelete
  2. Hey Dave,
    =D Congratulations~ Glad the index page helped.

    If you ever come back SG, do ping me and we can go for a drink!

    -JS

    ReplyDelete
  3. For the actual exam, are you allowed to mark the question for review later likes CISSP?

    Thanks

    ReplyDelete
  4. Hey Henry,
    It's been quite a while since I took GXPN. But yes, I think you can mark the question but only up to a limit I think. Good luck~ :)

    ReplyDelete