New Exploit Development Course: EXP-301

When we announced our intention to retire our Cracking the Perimeter (CTP) course and revamp the OSCE certification, we also shared information about the courses which would replace it. Those courses are Advanced Web Attacks and Exploitation (WEB-300), Evasion Techniques and Breaching Defenses (PEN-300), and Windows User Mode Exploit Development (EXP-301).

We’re pleased to announce that EXP-301 is now available. This intermediate-level course is for information security professionals who want to expand their skill set with modern exploit development.

We’ve gathered answers to key questions and answered them below. Keep reading for more information, or jump to the section of interest. If you purchased CTP and still have questions, check out our CTP Sunset FAQ post here.

Jump to: The Course | Pricing | Preparing for EXP-301 | The OSED Exam | Verifying Certification | Networking and Community


The Course

Windows User Mode Exploit Development teaches students how to bypass DEP and ASLR security mitigations, create custom return-oriented programming (ROP) chains, and exploit format string specifiers. Students will learn how to adapt older techniques to modern versions of Windows, create custom exploits, and learn the fundamentals of reverse engineering.

Get more than 15 hours of video content and more than 600 pages of rigorous PDF course guide material covering the following topics:

  • WinDbg
  • Stack buffer overflows
  • Exploiting SEH overflows
  • Intro to IDA Pro
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders


Download EXP-301 Syllabus


Those who enjoy learning about buffer overflows will enjoy this course. Those considering Advanced Windows Exploitation (EXP-401) should definitely take EXP-301 first.

You can learn more about our course code system and the relationship between courses in our Help Center.

Who is EXP-301 for?

This course was developed to support learning and professional development for:

  • Penetration testers
  • Exploit developers
  • Security researchers
  • Malware analysts
  • Software developers working on security products like antivirus software

It is a highly specialized introduction to exploit development and reverse engineering techniques.

How/where can I take EXP-301?

We offer the course online at this time. The official Windows User Mode Exploit Development course is only available from OffSec.

How do I register?

New students

Individuals and those with voucher codes can register for EXP-301 online.

Group, business, or organization

Students who are part of a group, business, or organization, as well as managers purchasing for a team, should contact our training consultants.

If your purchase falls into one of the following categories, please reach out to your assigned account executive directly (if applicable) or contact us at sales(at)offensive-security(dot)com:

  • You are purchasing on someone else’s behalf
  • You are being sponsored by your company
  • You wish to make a bulk purchase
  • You wish to purchase the course in advance (our course vouchers are valid for 12 months from the payment date)
  • You wish to submit payment via wire transfer or would like to use net terms

Past and current students

If you are already an OffSec student and you would like to purchase another course or more lab time, please use the purchase link you received when you made your first purchase with OffSec.

Can’t find your purchase link? Recover it here using the same email address you originally purchased with.

How does this new course differ from CTP?

  • CTP offered a broad overview of web application testing, penetration testing, and exploit development.
  • Windows User Mode Exploit Development is specifically about exploit development, reverse engineering, and working directly with a debugger.
  • Evasion Techniques and Breaching Defenses (PEN-300) took on the penetration testing aspects of CTP, focusing on more advanced pentesting techniques than Penetration Testing with Kali Linux (PEN-200). It mainly covers bypassing various layers of security.
  • Advanced Web Attacks and Exploitation (WEB-300) took on the web app security parts, and is essentially a white box web application security review course.


In addition to the recommended knowledge prerequisites listed below, students must be at least 18 years old and have a valid ID to take a course. Identification should be government-issued and in English. There are limited exceptions, with rigorous application checks for younger students who wish to apply.

There is no pre-purchase registration test for this course.

For hardware, we recommend a minimum of 4 GB of RAM installed with at least a dual-core CPU and 20 GB of free hard drive space.

The lab connection is done with OpenVPN using Kali Linux. You should use a stable, high-speed Internet connection to access the labs, not mobile internet (3G/4G/5G data connection).

What dates are available to take EXP-301?

When you register, you will see available dates for the next few months. If you would like to register for a future course date that isn’t listed, please complete your purchase with the latest available date and reschedule by contacting our team. Please include your OSID when you contact us.

Please note that while sales for EXP-301 opened January 27, 2021, course start dates will be offered starting March 7, 2021.

Jump to top



Windows User Mode Exploit Development starts at $1299 (all prices in USD). This base price includes 60 days of lab access plus the OSED exam fee. Increasing lab time to 90 days increases the cost. There is no 30-day lab option due to the difficulty level of the course material.

If you find you would like more practice before starting the OSED exam you may opt to add more lab time. Lab access extensions start at $359 for 30 days. The OSED certification exam retake fee is $200.

Please note that as of February 11, 2020, lab extensions no longer come with a free exam take.

See “Course Pricing” on the EXP-301 course page for more information, including lab extensions and upgrades to the new course material.

Flexible purchase options

Students who wish to purchase combinations of the 300-level courses may opt to bundle them and receive special pricing. This option is only available by reaching out to our Sales team. You will be issued vouchers in order to complete your purchase.

All bundles come with 60 days of lab time and one exam attempt for each course.

  • Two courses (choose from WEB-300, PEN-300, EXP-301): $2249
  • Three courses (WEB-300 + PEN-300 + EXP-301): $2999

Students who purchase bundled courses may start any course first. Vouchers issued as part of the bundling program must be redeemed within 12 months of purchase.

Please note that you can only start one course at a time within a 30-day period. You may redeem your voucher at any time in the 12-month validity period, but you must stagger your course start dates by at least 31 days. We recommend completing one course at a time, so that you can save your lab time and only use the time in the course you are currently taking.

We understand that completing two or three OffSec courses in 12 months might be a big commitment! Therefore, you may move your course start date up to three times; please visit our Help Center for more info on changing your course date. We ask that you contact us at least 72 hours prior to your scheduled course start date.

Vouchers may be redeemed via the website if you’ve never taken a course with OffSec before, or via your purchase link if you have previously taken a course with us.

Lost your purchase link? Find it here.

Jump to top


Preparing for EXP-301

Students taking this course should have a basic familiarity with exploitation concepts like buffer overflows. If you’ve taken Penetration Testing with Kali Linux, you’ll have a good foundation for taking Windows User Mode Exploit Development.

The best way to prepare for the OSED exam is to take this course and spend time in the labs to tackle as many of the challenges as possible.

Course prerequisites

All students should have the following prerequisite skills before starting the course:

  • Familiarity with debuggers (ImmunityDBG, OllyDBG)
  • Familiarity with basic exploitation concepts on 32-bit
  • Familiarity with writing Python 3 code

The following optional skills are recommended:

  • Ability to read and understand C code at a basic level
  • Ability to read and understand 32-bit Assembly code at a basic level

The prerequisite skills can be obtained by taking our Penetration Testing with Kali Linux course.

The full syllabus may be viewed here.


The EXP-301 labs contain several machines that run binary applications, designed for students to exploit. The focus in this course is the target applications, not necessarily the machines themselves.

While there are fewer machines in EXP-301 compared to a machine-focused course like PEN-300, you will have multiple apps to target on each machine, and a large range of exercises and extra-miles to complete.

As always with OffSec courses, you may safely and legally practice your skills within the individual labs for the course. You should use a fully updated Kali Linux installation.

Lab time begins on your course starting date, at the same time you receive your course materials. Lab time is counted in consecutive days and is measured by the number of days you have purchased.

Get more lab support here.

Jump to top


The OSED Exam

The EXP-301 course prepares you to take the 48-hour Offensive Security Exploit Developer certification exam. To register for the OSED exam, use the link we provide in your welcome pack after purchasing EXP-301.

Earning all three of the following certifications automatically grants you the new OSCE³ certification:

  • Offensive Security Exploit Developer (OSED), granted after completing Windows User Mode Exploitation Development (EXP-301) and passing the exam
  • Offensive Security Experienced Penetration Tester (OSEP), granted after completing PEN-300 and passing the exam
  • Offensive Security Web Expert (OSWE), granted after completing Advanced Web Attacks and Exploitation (WEB-300) and passing the exam

Can I start the exam immediately after purchase? What if I still have lab time, but feel ready?

The OSED exam will be available by June 7, 2021.

You must register for Windows User Mode Exploit Development at least 10 days prior to your desired course start date.

If you feel ready early, you may schedule your exam when it becomes available. However, please be advised that there is a cool-off period before any exam retakes may be attempted. We strongly recommend students take full advantage of their lab time.

Like other OffSec exams, the OSED exam is a hands-on penetration test focusing on the skills you would need to successfully develop practical, real-world exploits.

The OSED exam is proctored. To learn more about proctoring, review the FAQs prior to registering for the course.

How long is the OSED certification good for?

As with all OffSec certifications, once you’ve earned your OSED certification, it’s yours. And as always, there are no subscriptions, renewals, membership fees, or other requirements to requalify your certification with OffSec.

Jump to top


Verifying Certification

We use Acclaim digital badges to make it easier for students to share their credentials with potential employers, and for employers to verify certification. In addition to our paper certificates, you can also claim a digital certificate for easier sharing with potential employers or peers.

Professional development

Windows User Mode Exploit Development is not associated with any professional development credentials at this time.

Jump to top


Networking and Community

Connect with others who are either already OS certification holders, or on their journey in the OffSec Community.

You can also keep up to date with OffSec by signing up to be an OffSec Insider, or on social media:


More questions?

If you have more questions about EXP-301 or the OSED exam, you can:

  • Visit the course help section on our FAQ page
  • Contact us (if you have an OSID, please include this with your message)

We look forward to seeing you!