GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) – Review

I recently passed GXPN with great score (96%) and here I write my review about the course and the exam.

SANS/GIAC is the most informative and prestigious training/certification in information security industry. GXPN is the most advanced certification in Penetration Testing offered by SANS/GIAC.

My Background

I’ve almost 7 years experience in Penetration Testing and almost 75% hands-on and scattered knowledge of the course syllabus.

SANS 660 Course

SEC 660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking is the course for GXPN. The course is very informative and giving almost everything you want to start writing finding vulnerabilities and writing exploits.

The course has 6 days where:

Day 1: This day talks mainly network level attacks starting with bypassing NAC, MitM attacks, routing protocols attacks, SNMP, network manipulation and others.

Day 2: This day talks about crypto algorithms and attacks then it goes back to network booting attacks, then Powershell for penetration testers and finally attacks on restricted environment like Kios, SRP and AppLocker.

Day 3: Here things are getting more difficult. This day talks about Python, Scapy, Sulley and other fuzzing tools.

Day 4: This day talks about Linux exploitation, but it starts with introduction about memory and CPU especially in Linux.

Day 5: This day talks about Windows exploitation and anti-exploitation techniques.

Day 6: Bootcamp (CTF).


The exam is objective with about 60 questions. There are 7 lab exams where I had access to remote desktop in order to be able to figure out the answer.

The exam is open book and I had prepared two indexes for it. The first is about every tool used in the course, the usage and the page number. The other index, is the term index.

I had two practical tests before the real attempt, for the first practical test I decided to take it to measure my understanding for the course so I set immediately after the course and without the books and without preparing my index. I got 89% score which was very promising for me.

I needed about 10 days to go through the books and build my indexes. Then I set for the second practical exam with the index and the books. I got 87% this time which also gave the confidence that I am well prepared for the exam so I scheduled the exam.

In the exam, I’ve my the following with me:
– The books
– PE File format
– TCP/UDP common ports
– Metasploit Meterpreter commands

I’ve finished the exam after 2 hours and 30 minutes and got 96% score :D.

SANS Advisory Board

In the same day, I got an invitation from SANS to join their advisory board as I got high score in GXPN.

112 thoughts on “GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) – Review”

  1. Hey man how are you doing.
    thank you for the GXPN review, it was useful for me.
    i attended the course, its amazing, and i would like to know if you have a walk-through for the last challenge in day 4 which is about developing an explaoit for ret2libc_aslr as i need to understand it very well.
    really appreciate your help in advance.

  2. Hey I just finished this course as well online, but have never made an index before.

    Would I be able to see yours to get a reference base on how to create my own?

  3. I am about to test for my exam, would you mind sharing your indexes with me? Would love to get a base.

    Thanks for the write up!

  4. Hello,
    I’m planning for the exam by end of year; appreciate if you can send me the index.
    One more thing about labs, do you recommend an external resource for practicing them.

  5. Hello,
    I’m preparing to exam, appreciate if you share the index.
    One more thing, do u recommend any external resource for practicing.

  6. Just Completed this course through Ondemand. I here going through the Labs and exercises are the most important. should I spend most of my time reviewing labs, or just keep refining my index? can you also share your index? also, do you suggest any extra books or cheat sheets that I should take to the exam?

    1. Labs are important but not mandatory… if you are fine and already have hands-on experience then no need for the labs.
      You don’t need extra books, however supportive documents are good. Examples: TCP/UDP common ports, PE file format, Metasploit commands…etc.
      I’ve sent you the index.

  7. This is a fantastic write up! I would love to compare your index with mine and see how it differs. Would you mind sharing it with me please?

  8. Hey Opaida. I’m compiling my own index as I’m going through the book but, if you don’t mind, would like to have yours to see if I missed something. Thank you in advance!

  9. I just tackled GCIH and I’m waiting for my advisory board invitation… They’re taking a couple of days as I get restless.. Can I get your index for GXPN for research and future attempts at it?

  10. He man, thank you for the review it’s very useful.
    I planned to pass the GXPN in 2 months and i wanna do my index based on the course.
    can you please share your index with me to have an overview about how to do it.
    thank you in advance.

  11. Hi Opaida,

    I was wondering if you’d be willing to share your index with me. I recently started my OnDemand edition, and am just now finishing up Section 1. While I have my OSCP etc., this is my first SANS course, so I’m not used to the exam format yet.

    Thanks again, and congrats!

  12. Hola,

    Excellent review for GXPN, I’m taking the GXPN course and planning to present the exam in February, would you mind sharing your index with me? Gracias, I really appreciate it.

    Also, any advise or recommendations when doing the CTF? I’m thinking of teaming up with some folks but any advise is recommended! Thanks, btw I’ve done GWAPT CTF and it was nice, I know how it works & stuff!.

  13. Hi Opaida,

    Nice review and kudos for becoming gxpn cert’ed.
    Can I have your index as well, gonna take the exam in december?

    Thanks upfront ;]

  14. Hi Opaida,

    Thanks for your blog entry reviewing your GXPN experience. Great score..!!

    I also happen to be trying to take the exam. Could you share your index with me too, please?

  15. Thanks a lot for the review! I’m currently in section of of an on demand edition, and am loving the course so far.

    I was wondering if you’d be willing to share your index with me as well. I already have my OSCP and eCPPT, but this is my first SANS course.


  16. Hey,
    What about these 7 lab questions? Was it something straightforward like use metasploit and get some file from system or you had to write some custom buffer overflow to get the answer?
    Are these 7 equally weighed as all other questions?

    Could you share the index too please?

  17. Hi,

    Do you know if these 7 lab exams were equally weighted as all other questions? were these difficult lab exercise or something easy like running metaspoit and get some file?

    Could you also share your index?

    1. For the lab mark am not sure.
      For the difficulty of the labs, just re-do the lab mentioned in the materials and you are fine.
      Finally, I’ve sent you the index.

  18. Thanks for sharing this review. Really helpful and encouraging! Would you also mind sharing your index? A bit worried I am missing a few. Thanks!

  19. Hi,

    Great post. I’d also like a copy of your index and any other references/books you feel comfortable about sharing them.

      1. would you please send me index for GXPN 660? I am taking the exam this month. Greatly appreciate your help.

  20. Hi, do you mind sharing the index with me. I would like to compare when building my index to make sure I haven’t missed anything. Thank you.

  21. Great review, I have some certs (CEH, OSCP) but this is my first SANS one. I have been told there is now a practical section (hand on like OSCP) did you find this to be true?

    I also would appreciate it too if you shared your index.

  22. Could you share your indeed with me as well? I sit for the exam in 4 days and want to make sure I haven’t missed anything.

  23. Hi. Thanks for the review. I plan on taking my exam next week. I just finished my index and decided to do some googling to see what else people made. Can you send me a copy of yours? Thanks!

  24. Hi there!

    Many thanks for sharing your experiences!

    As others have done, can I also get a copy of your index please?

  25. Looks like I may be a few months late to the party, but is there any chance I could also get a copy of your index?

    I’ve actually got two already (one I created and one my buddy and I created), but would like to combine them into one. Neither of us have taken the exam yet, but we both will soon. It would be enlightening to compare ours to someone that has passed the exam. Thanks!

  26. Thanks for the review as am getting closer for the exam could you please share the index
    am sure its helpful, Thanks

  27. It looks like your index has been super popular. The ten days you put into it seems to have helped a lot of people. If you don’t mine sending it to me, I would love to take a look as well. Congrats on your attaining the certification. Cheers.

  28. Hi, great write up , thanks a lot to share . May you share the Index with me please, i have my exam in couple of weeks ?

  29. Hello mate, thanks for the great review I have just finished the course and learned tons of things and willing to take the exam next month I was just asking if you could kindly share with me the indexes you used and thanks a lot

Leave a Reply

Your email address will not be published. Required fields are marked *