Go beyond buffer overflows in Windows User Mode Exploit Development.

Earn your OSED


Windows User Mode Exploit Development (EXP-301)

Course Overview

Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.

Students who loved buffer overflows in Penetration Testing with Kali Linux (PEN-200) will find that EXP-301 takes those skills to the next level. This course is one of the replacements for Cracking the Perimeter (CTP), which we retired on October 15, 2020.

Course topics include:

  • Reverse engineering: learn how to find a bug in a binary application and build an exploit from scratch
  • DEP and ASLR bypasses: learn how to craft exploits for common security mitigations
  • Advanced return-oriented programming (ROP): learn the technique used to bypass data execution prevention

View the syllabus for the full list of course modules.

Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification. The OSED is one of three certifications making up the new OSCE3 certification, along with the OSWE for web application security and the OSEP for penetration testing.

Find out more: Certification Process | Course Details (who should take the course, syllabus, prerequisites) | Course Pricing

48hr OSED exam

Course includes a 48-hour exam.

EXP-301 - Learn about custom exploit development

Learn about custom exploit development.

EXP-301 Online Labs

Gain access to a virtual penetration testing lab.

OSED Certification

Earn your OSED certification.

Certification Process

The Offensive Security Exploit Developer (OSED) certification is an intermediate exploit development cert.

Once students have completed the EXP-301 course material and practiced their skills in the labs, they’re ready to take the certification exam. The OSED exam has a 48-hour time limit and consists of a hands-on test in our isolated VPN network. Students will receive the exam and connectivity instructions for machines with applications to which they have had no prior exposure.

This exam is proctored.


A passing exam grade will confer the Offensive Security Exploit Developer certificate. Certified OSEDs have the skills and expertise necessary to bypass basic Windows security mitigations using custom exploits.

Register for EXP-301

Register at least 10 days prior to desired start date.

EXP-301 Virtual Labs

Establish connection to the virtual lab.

EXP-301 Course Materials

Progress through course materials and practice your skills.

Schedule your EXP-301 exam

Schedule certification exam within 120 days of course completion.

OSED Certification

Successfully complete 48-hour exam and earn your OSED.

Course Details


Windows User Mode Exploit Development is an intermediate course designed for those who want to learn about exploit development skills. For advanced pentesting, consider taking Evasion Techniques and Breaching Defenses (PEN-300). For web application security, try Advanced Web Attacks and Exploitation (WEB-300).

You are most likely to benefit if you are a:

  • Penetration tester
  • Exploit developer
  • Security researcher
  • Malware analyst
  • Software developer working on security products, like antivirus software



EXP-301 is an intermediate-level exploit development course that serves to build a solid foundation for students wanting to pursue AWE. Topics covered include:

  • WinDbg tutorial
  • Stack buffer overflows
  • Exploiting SEH overflows
  • Intro to IDA Pro
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders

View the full syllabus


All students should have the following prerequisite skills before starting the course:

  • Familiarity with debuggers (ImmunityDBG, OllyDBG)
  • Familiarity with basic exploitation concepts on 32-bit
  • Familiarity with writing Python 3 code

The following optional skills are recommended:

  • Ability to read and understand C code at a basic level
  • Ability to read and understand 32-bit Assembly code at a basic level

The prerequisite skills can be obtained by taking our Penetration Testing with Kali Linux course.


  • Using WinDbg
  • Writing your own shellcode
  • Bypassing basic security mitigations, including DEP and ASLR
  • Exploiting format string specifiers
  • The necessary foundations for finding bugs in binary applications to create custom exploits


  • 15+ hours of video
  • 600+ page course guide
  • Active student forums
  • Access to virtual lab environment

Course Pricing

All prices in US dollars. Save on EXP-301 by purchasing as a bundle.