Get your OSED certification with EXP-301 | OffSec

Train to become OSED certified

EXP-301: Windows User Mode Exploit Development

Starting at $1,749

Level 300 | 885h of content

  • Learn advanced exploit development techniques, including reverse engineering, writing shellcode, and bypassing modern mitigations
  • Earn the OffSec Exploit Developer (OSED) certification

Overview

EXP-301 is an intermediate course in Windows user-mode exploit development that teaches learners to reverse engineer binaries, write custom shellcode, and bypass modern defenses like DEP and ASLR through hands-on labs and real-world exploitation techniques.

EXP-301 (Windows User Mode Exploit Development) is an intermediate course on modern exploit development techniques. Learners gain hands-on experience crafting custom exploits and bypassing security defenses designed to elevate their skills in ethical hacking and vulnerability discovery. It will also provide an introduction to reverse engineering binary applications to help locate vulnerabilities. Completion of this course will prove the learner's expertise in advanced exploit development techniques, including reverse engineering, writing shellcode, and bypassing modern mitigations, making certified professionals invaluable for identifying and addressing vulnerabilities in software applications.

EXP-301 covers many critical skills within exploit development, including:

  • Understanding the mechanics of stack buffer overflows and learning how to exploit them to gain control of vulnerable programs
  • Utilizing IDA Pro with a debugger during reverse engineering and more advanced exploit development
  • Applying dynamic analysis to understand program behavior
  • Developing the skills to write your own custom shellcode, enabling you to perform specific actions on compromised systems
  • Mastering advanced techniques for exploiting stack overflows while bypassing modern security mitigations such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)
  • Completing extensive reverse engineering to find a way to leverage a format string vulnerability and develop a read primitive

EXP-301 is structured into 13 modules, many with companion videos and hands-on labs to practice the skills presented in the module. After mastering the concepts and labs in the modules, learners are encouraged to complete the 3 Challenge Labs, developed specifically to test the learners’ understanding of the concepts of the course and prepare them for the OSED exam.

EXP-301 is designed for any learner who already has strong skills in penetration testing and programming, looking to master exploit development techniques. A strong understanding of C programming, assembly language, operating system internals (Windows), and debugging tools (such as WinDbg and Immunity Debugger) is highly recommended.

Becoming OSED certified

  • 48-hour proctored

    All exams are proctored by an OffSec employee in a private VPN

  • Hands-on labs

    Identify, exploit, and report real-world vulnerabilities in live lab systems

  • 3 independent exploit tasks

    Reverse engineer to discover vulnerabilities, craft exploits to bypass security mitigations, and create custom shellcode

  • Obtain a shell and proof.txt file

    From the shell, a proof.txt file located on the desktop of the administrator user must be retrieved

OSED certification

About the OSED exam

The OffSec Exploit Developer certification validates expertise in advanced exploit development techniques, including reverse engineering, writing shellcode, and bypassing modern mitigations


Offensive Security Mastery

About the OSCE³

Achieving the OSCE³ certification showcases your dedication to the offensive security field and your ability to tackle complex security challenges after you earn your OSWE, OSED, and OSEP certifications.


Start learning with OffSec

$2,749/year*

Best value

Learn One

Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts

$1,749/once

Most popular

Course + Cert Bundle

Includes 90 days of access to one 200 or 300-level course, the associated labs, and a single exam attempt

Train your team with OffSec

$6,099/year*

All access

Learn Unlimited

Unlimited OffSec Learning Library access plus unlimited exam attempts for one year

Get a quote

Large teams

Learn Enterprise

Unlimited OffSec Learning Library access with flexible terms and volume discounts available

Validate your expertise.
Amplify your impact.

  • Mindset & work ethic

    Instill a relentless problem-solving mindset that employers value highly in security professionals

  • Globally recognized certification

    OffSec certs build elite, hands-on skills trusted by the world's top companies

  • Organization value & trust

    Trusted to train skilled, consistent, and reliable security teams

  • Certified candidates win

    91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)


Realistic lab environments

Built to sharpen skills through practical, immersive learning

  • On-demand lab access

    Train anytime in up-to-date, practical, cutting-edge labs

  • Structured learning modules

    Progress through clear, goal-driven topics

  • Challenge-based learning

    Build skills through real-world, hands-on challenges

  • AI-powered learning assistant

    Get instant, guided help with complex topics

Success stories from the field

Finally OSED! After 36 hours of no sleep I finally succeeded. This is, by far, the most challenging (and fun) exam of Offensive Security I have done so far, but it was worth the time; the content is extremely well structured :)
Jorge Giménez Duro Security Researcher
My journey has taken me through the intricacies of reverse engineering, crafting custom shellcode, and tackling complex topics such as stack overflow, SEH Overflow, DEP and ASLR bypass, etc. What an amazing journey it's been—grueling yet thrilling in equal measure.
Xiaofan Zhang
It was so tough that you have to combine everything taught in the course: stack/SEH overflow, reverse engineering, custom shellcode, egghunter, ASLR/DEP bypass, and custom ROP chains. That was a challenge that kept me awake for 48 hours with almost no sleep but it's all worth it.
Ronald Ocubillo
The OSED journey has been 3 months of intense sweat, tears, but overall much fun and learning. Everything that I learned will be helpful in my malware reverse engineering path. I want to thank...the great community in Discord, where there were always people happy to help you think and understand.
Dani R. Threat Intelligence Analyst
My journey has taken me through the intricacies of reverse engineering, crafting custom shellcode...
I'm grateful for my dedication and curiosity about cybersecurity, and the resilience I've developed along the way.
Anonymous Learner

EXP-301 FAQ