The Certification Process

  1. Obtain a voucher

    Whether you are attempting the eCXD certification exam on your own or after having attended one of our approved training courses, you will need to obtain a voucher before you can start your certification process.

    Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials and anything related to the certification process from the beginning up to the (electronic) delivery of your certificate.

  2. Begin the certification process

    Regular vouchers expire after 180 days from purchase.
    Infinity vouchers do not expire.

    Before the certification expires, you will have to begin the certification process by clicking on "Begin certification process". The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

  3. Perform your tests

    As soon as you click on the "Begin certification process" button the instructions regarding the scope of engagement will be available in the "Exams" tab of your Member’s Area.

    This letter will contain exactly what you should test and how. At this point you will start your exploit development activities utilizing the provided data, take note of your findings and document all software exploitation steps.

    The exam network will always be available 24/7 for three (3) days and dedicated to you.

    At any time you will be the only one on the network and will be able to reset the scenario should you damage it during your tests.

    You can also pause the lab and resume from where you left off by simply clicking Start/Stop buttons in the Certification area as you would do with any other Hera Lab scenario.

  4. Upload your report

    Once you have performed in-depth and thorough exploit development activities, it's time to finalize documenting the software exploitation steps.

    Familiarity with reporting activities is assumed, so no commercial-grade report will be required during the eCXD examination process. You will be required to thoroughly document how you exploited each software vulnerability and bypassed any protection or limitation though, to prove your findings.

    When ready and not after five (5) days from the beginning of the certification process (step 2), you will upload your report in PDF format for review.

  5. Obtain your results

    One of our instructors will carefully review your report. If your findings, and your exploit development skills are deemed sufficient to pass the exam, you will be granted the eCXD certification.

    Should you fail the first attempt, the instructor will provide you with valuable feedback. Armed with this information you will have a free retake to be used within three (3) days to upload a new report.

    The retake will commence the moment you view the instructor’s feedback, or automatically 14 days after it is received. During this period the exam lab network will be re-opened for further tests. In any case a new report should be uploaded no later than five (5) days from the date the retake begins.

    Once you pass the exam you will find the digital certificate immediately downloadable and verifiable.

Go to top of page