GIAC’s NEW Applied Knowledge Certifications truly test your mettle and set you apart from your peers. Designed to be challenging, these new certification exams require you to apply your technical expertise and hands-on experience to solve complex security scenarios.

GIAC Experienced Forensics Expert (GX-FE)

The GIAC Experienced Forensic Examiner (GX-FE) demonstrates that a candidate is qualified for a hands-on Windows forensic analyst role. Certification holders will have validated their ability to analyze a Windows host to uncover evidence that proves a user performed a particular activity on the device.

A GX-FE candidate will perform analysis on a variety of disk images using a Windows 10 version of the SIFT workstation pre-configured with commercial, open-source, and freeware forensic tools. Disk images were forensically acquired from Windows computers and removable media, and may be presented in a variety of common evidence formats including E01, Raw/DD, AD1, S01, L01, and KAPE VHDX.

GIAC Experienced Cybersecurity Specialist Certification (GX-CS)

The GIAC Experienced Cybersecurity Specialist Certification (GX-CS) demonstrates that a candidate is qualified for hands-on IT systems roles. Certification holders will validate their ability to solve complex multifaceted problems through new and diversified security practices and tasks.

A candidate of GX-CS will perform work on a variety of hosts, primarily using the *Slingshot distribution and Windows 10. The candidate may encounter other linux-based distributions such as Debian and Ubuntu Server. In some cases a candidate will be working on a single host that could have local containerization. In other cases the candidate will find additional hosts on a network to which they do not have console access.

GIAC Experienced Forensic Analyst Certification (GX-FA)

The GIAC Experienced Forensic Analyst (GX-FA) candidate will perform work on a Windows 10 SIFT workstation which includes a WSL Ubuntu shell containing the SANS SIFT Linux distribution. The host has a variety of GUI based and command line utilities for use during the exam including but not limited to tools for Windows forensics artifact processing and analysis, image mounting and volatile memory analysis.

The candidate will encounter raw data and processed artifacts from a variety of enterprise Windows hosts. They will be required to apply a variety of forensic and incident handling technique to identify and analyze the provided data. 

GIAC Experienced Intrusion Analyst Certification (GX-IA)

The GIAC Experienced Intrusion Analyst Certification (GX-IA) demonstrates that a candidate is qualified to solve complex and unique challenges that Intrusion Analysts encounter. Certification holders will validate their ability to solve multi-step problems through incorporating various concepts and methodologies to identify malicious activity

A candidate of GX-IA will perform work on a variety of hosts, such as Xubuntu, Ubuntu Server, and Windows 10, as well as versions of the SIFT, Slingshot, and SOF-ELK *distributions. In some cases a candidate will be working on a single host that could have local containerization. In other cases the candidate will find additional hosts on a network to which they do not have console access.

GIAC Experienced Incident Handler Certification (GX-IH)

The GIAC Experienced Incident Handler Certification (GX-IH) demonstrates a candidate’s superior incident response skills. Mastery of hands-on attacker techniques combined with incident response tools and practices validate that certification holders have the skills and knowledge to take teams to the next level

A candidate of GX-IH will perform work on a variety of hosts, primarily using the *Slingshot distribution and Windows 10. Some Windows 10 hosts use WSL.  In some cases a candidate will be working on a single host that could have local containerization. In other cases the candidate will find additional hosts on a network to which they do not have console access.

GIAC Experienced Penetration Tester Certification (GX-PT)

The GIAC Experienced Penetration Tester (GX-PT) Certification demonstrates that a candidate is qualified for hands-on red and purple-team penetration testing roles that require advanced skills, thorough comprehension of pentesting methods and approaches, and the ability to think critically in a time-restricted situation. Certification holders will validate their ability to map networks, identify vulnerabilities, and exploit hosts in various environments through a diverse set of tasks.

A candidate of GX-PT will perform work from a variety of hosts, primarily using Windows 10 and the Slingshot* Linux distribution against various other OS types. The candidate may encounter other Linux-based distributions such as Debian and Ubuntu Server. In some cases, a candidate will be working on, or attacking, a single host that could have local containerization, working against enterprise environments that include various Windows Server versions, or dropped into a machine with only console access.