eCXD Certification

eLearnSecurity Certified eXploit Developer



The eLearnSecurity Certified eXploit Developer (eCXD) tests a student’s capabilities on Windows and Linux exploit development and software vulnerability identification in general. Exploit developers can prove their advanced skills through a challenging, scenario-based exam that requires both knowledge and critical thinking.


Here are some of the ways the eCXD certification is different from conventional exams:

  • Instead of putting you through a series of multiple-choice questions, you are expected to perform a software vulnerability identification and exploitation against actual Windows and Linux software.The exam engagement is modeled after real-world software exploitation scenarios and features binaries protected by multiple anti-exploit mechanisms, hardened hosts and other limitations.
  • Not only are advanced methodologies required to exploit the provided binaries and executables, you are expected to propose alternative exploitation paths as part of your evaluation. A skillset like this will make you a valuable asset in the corporate sector.
  • Only individuals that provide proof of their exploitation attempts are awarded the eCXD Certification.
Knowledge Domains

By obtaining the eCXD, your skills in the following areas will be assessed and certified:

  • Windows and Linux internals
  • Reverse engineering (x86 and x64 platforms)
  • Software debugging
  • Shellcoding
  • Windows and Linux exploit development (including scripting knowledge)
  • Bypassing modern anti-exploit mechanisms (ASLR/PIE, Stack Cookie, NX/DEP, RELRO etc.)
  • Exploiting hardened hosts and overcoming limitations

The eCXD certification tests a candidate’s technical understanding of x86/x64 Assembly, programming concepts, reverse engineering, software debugging and Windows/Linux internals. Anyone can attempt the certification exam, however here are the skills necessary to a successful outcome:

  • Letters of engagement and the basics related to an exploit development engagement
  • Windows and Linux internals
  • Software debugging
  • x86 and x64 reverse engineering as well as shellcoding
  • Knowledge of Windows and Linux exploit development processes and methodologies
  • Bypassing modern anti-exploit mechanisms (ASLR/PIE, Stack Cookie, NX/DEP, RELRO etc.)
  • Ability to perform exploit development against hardened hosts
  • Overcoming limitations during exploit development
  • Tools such as Immunity Debugger, x32dbg, Mona, Pwntools, GDB, Ropper, etc.
  • Good scripting skills (Python, Perl, Ruby etc.)
The exam

eLearnSecurity’s eCXD is the only certification for Exploit Developers that evaluates your ability to use advanced Windows and Linux exploit development techniques, inside a fully featured and real-world environment.

The candidate will receive a real-world engagement within INE’s Virtual Lab environment. You will need an Internet connection and VPN software in order to carry out this exam.

Certification Process

There are two ways to become an eCXD:

1. Subscribe to INE’s Cyber Security Pass and enroll in the Exploit Development Student learning path.

The Exploit Development Student path prepares you for the eCXD exam through a blend of theory and hands-on practical sessions in INE’s Virtual Labs.


2. Attempting the certification without training

Candidates that feel prepared to demonstrate their practical and professional skills can purchase an eCXD voucher and go through the certification process at their own risk.

Whether you are attempting the eCXD certification exam on your own or after having attended one of our approved training courses, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase.

Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.

Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 14 days from the beginning of the certification process (step 2), in PDF format for review.

You are awarded the certification after an eLearnSecurity instructor carefully reviews your findings and deems your work sufficient. Should you fail the first attempt, you will receive valuable feedback from our instructors. You will then have one free attempt to re-take the certification.

This exam is manually graded. Once submitted, it may take up to 30 days to receive your results.