EXP-301: Windows User Mode Exploit Development
Windows User Mode Exploit Development (EXP-301) is a course that teaches learners the basics of modern exploit development. Despite being a fundamental course, it is at the 300 level because it relies on substantial knowledge of assembly and low-level programming. It begins with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises. Learners who complete the course and pass the exam earn the OffSec Exploit Developer (OSED) certification. The OSED is one of three certifications making up the OSCE³ certification, along with the OSEP for advanced penetration testing and the OSWE for web application security.
- Learn the fundamentals of reverse engineering
- Create custom exploits
- Develop the skills to bypass security mitigations
- Write handmade Windows shellcode
- Adapt older techniques to more modern versions of Windows
- The EXP-301 course and online lab prepare you for the OSED certification
- 48-hour exam
- Windows User Mode Exploit Development is an intermediate course designed for those who want to learn exploit development skills
- Job roles like penetration testers, exploit developers, security researchers, malware analysts, and software developers working on security products could benefit from the course
- Familiarity with debuggers (ImmunityDBG, OllyDBG)
- Familiarity with basic exploitation concepts on 32-bit
- Familiarity with writing Python 3 code
- Ability to read and understand C code at a basic level
- Ability to read and understand 32-bit Assembly code at a basic level
How to Enroll
Course & Cert
Fast-track your learning journey and earn a certificate in just 90 days. Includes one exam attempt.
One year of lab access to one OffSec course plus two exam attempts.
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
This course covers the following topics:
- WinDbg tutorial
- Stack buffer overflows
- Exploiting SEH overflows
- Intro to IDA Pro
- Overcoming space restrictions: Egghunters
- Shellcode from scratch
- Reverse-engineering bugs
- Stack overflows and DEP/ASLR bypass
- Format string specifier attacks
- Custom ROP chains and ROP payload decoders
- Using WinDbg
- Writing your own shellcode
- Bypassing basic security mitigations, including DEP and ASLR
- Exploiting format string specifiers
- The necessary foundations for finding bugs in binary applications to create custom exploits
- 15+ hours of video
- 600+ page course guide
- Active learner forums
- Access to virtual lab environment
- Closed Captioning is available for this course
If a learner needs more lab access time or needs to retake an exam, Exam Retakes & Lab Extensions can be purchased additionally through the OffSec Training Library.
- OSED Certification Exam Retake Fee: $249
- EXP-301 lab access extension of 30 days: $359