Get your OSED certification with EXP-301 | OffSec

Train to become OSED certified

EXP-301: Windows User Mode Exploit Development

Starting at $1,749

Level

300
|

885h of content

  • Learn advanced exploit development techniques, including reverse engineering, writing shellcode, and bypassing modern mitigations
  • Earn the OffSec Exploit Developer (OSED) certification

Becoming OSED certified

  • 48-hour proctored

    All exams are proctored by an OffSec employee in a private VPN

  • Hands-on labs

    Identify, exploit, and report real-world vulnerabilities in live lab systems

  • 3 independent exploit tasks

    Reverse engineer to discover vulnerabilities, craft exploits t0 bypass security mitigations, and create custom shellcode

  • Obtain a shell and proof.txt file

    From the shell, a proof.txt file located on the desktop of the administrator user must be retrieved

OSED certification

About the OSED exam

The OffSec Exploit Developer certification validates expertise in advanced exploit development techniques, including reverse engineering, writing shellcode, and bypassing modern mitigations

OSCE³ certification badge

Offensive Security Mastery

About the OSCE³

Achieving the OSCE³ certification showcases your dedication to the offensive security field and your ability to tackle complex security challenges after you earn your OSWE, OSED, and OSEP certifications.

Learn more

Start learning with OffSec

$2,749/year*

Best value

Learn One

Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts

$1,749/once

Most popular

Course + Cert Bundle

Includes 90 days of access to one 200 or 300-level course, the associated labs, and a single exam attempt

Train your team with OffSec

$6,099/year*

All access

Learn Unlimited

Unlimited OffSec Learning Library access plus unlimited exam attempts for one year

Get a quote

Large teams

Learn Enterprise

Unlimited OffSec Learning Library access with flexible terms and volume discounts available

Validate your expertise.
Amplify your impact.

  • Mindset & work ethic

    Instill a relentless problem-solving mindset that employers value highly in security professionals

  • Globally recognized certification

    OffSec certs build elite, hands-on skills trusted by the world's top companies

  • Organization value & trust

    Trusted to train skilled, consistent, and reliable security teams

  • Certified candidates win

    91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)

View of the PEN-200 syllabus in the OffSec portal

Realistic lab environments

Built to sharpen skills through practical, immersive learning

Request a free trial
View of the PEN-200 syllabus in the OffSec portal
  • On-demand lab access

    Train anytime in up-to-date, practical, cutting-edge labs

  • Structured learning modules

    Progress through clear, goal-driven topics

  • Challenge-based learning

    Build skills through real-world, hands-on challenges

  • AI-powered learning assisstant

    Get instant, guided help with complex topics

Success stories from the field

Finally OSED! After 36 hours of no sleep I finally succeed. This is, by far, the most challenging (and fun) exam of Offensive Security I have done so far, but It was worth the time; the content is extremely well structured :)
JD
Jorge Giménez Duro Security Researcher
My journey has taken me through the intricacies of reverse engineering, crafting custom shellcode, and tackling complex topics such as stack overflow, SEH Overflow, DEP and ASLR bypass, etc. What an amazing journey it's been—grueling yet thrilling in equal measure.
XZ
Xiaofan Zhang
It was so tough that you have to combine everything taught in the course: stack/SEH overflow, reverse engineering, custom shellcode, egghunter, ASLR/DEP bypass, and custom ROP chains. That was a challenge that kept me awake for 48 hours with almost no sleep but it's all worth it.
RO
Ronald Ocubillo
The OSED journey has been 3 months of intense sweat, tears, but overall much fun and learning. Everything that I learned will be helpful in my malware reverse engineering path. I want to thank...the great community in Discord, where there were always people happy to help you think and understand.
DR
Dani R. Threat Intelligence Analyst
My journey has taken me through the intricacies of reverse engineering, crafting custom shellcode...
I'm grateful for my dedication and curiosity about cybersecurity, and the resilience I've developed along the way.
AL
Anonymous Learner