New subscription options!     Learn more

EXP-301

Go beyond buffer overflows in Windows User Mode Exploit Development.

Now enjoy more flexibility and go at your own pace with a Learn subscription

Earn your OSED

 

About EXP-301 | Buying Options | Course info | Details | Pricing

Windows User Mode Exploit Development (EXP-301)

Windows User Mode Exploit Development

Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.

Students who loved buffer overflows in Penetration Testing with Kali Linux (PEN-200) will find that EXP-301 takes those skills to the next level. This course is one of the replacements for Cracking the Perimeter (CTP), which we retired on October 15, 2020.

Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification. The OSED is one of three certifications making up the new OSCE3 certification, along with the OSWE for web application security and the OSEP for penetration testing.


How to buy EXP-301

Packages

$1249 - $1499

  • 60/90 days of lab access
  • One exam attempt
  • Self-guided


NEW!

Learn One

$1999 *

  • One course
  • 365 days of lab access
  • Two exam attempts
  • Plus exclusive content
NEW!

Learn Unlimited

$5499

  • All online courses*
  • 365 days of lab access
  • Unlimited exam attempts
  • Plus exclusive content


* Applies to online courses only. AWE (EXP-401) is only taught in live classes.

Course Info

Benefits

Students will learn how to:

  • Learn the fundamentals of reverse engineering
  • Create custom exploits
  • Develop the skills to bypass security mitigations
  • Write handmade Windows shellcode
  • Adapt older techniques to more modern versions of Windows

About the exam

 

Who is the course for?

  • Windows User Mode Exploit Development is an intermediate course designed for those who want to learn about exploit development skills.
  • Job roles like penetration testers, exploit developers, security researchers, Malware analysts, and software developers working on security products, could benefit from the course

Course prerequisites

  • Familiarity with debuggers (ImmunityDBG, OllyDBG)
  • Familiarity with basic exploitation concepts on 32-bit
  • Familiarity with writing Python 3 code
  • Ability to read and understand C code at a basic level (optional but recommended)
  • Ability to read and understand 32-bit Assembly code at a basic level (optional but recommended)

Course Details

COURSE OVERVIEW AND SYLLABUS

EXP-301 is an intermediate-level exploit development course that serves to build a solid foundation for students wanting to pursue AWE. Topics covered include:

  • WinDbg tutorial
  • Stack buffer overflows
  • Exploiting SEH overflows
  • Intro to IDA Pro
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders

View the full syllabus

WHAT COMPETENCIES WILL YOU GAIN?
  • Using WinDbg
  • Writing your own shellcode
  • Bypassing basic security mitigations, including DEP and ASLR
  • Exploiting format string specifiers
  • The necessary foundations for finding bugs in binary applications to create custom exploits

 

SUPPORTING YOUR ONLINE JOURNEY
  • 15+ hours of video
  • 600+ page course guide
  • Active student forums
  • Access to virtual lab environment
  • Closed Captioning is available for this course

Course Pricing

All prices in US dollars. Register for Learn One or contact our training consultants if you're purchasing Learn Unlimited.

ARE YOU READY?

REGISTER FOR EXP-301