Course Overview
Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.
Students who loved buffer overflows in Penetration Testing with Kali Linux (PEN-200) will find that EXP-301 takes those skills to the next level. This course is one of the replacements for Cracking the Perimeter (CTP), which we retired on October 15, 2020.
Course topics include:
- Reverse engineering: learn how to find a bug in a binary application and build an exploit from scratch
- DEP and ASLR bypasses: learn how to craft exploits for common security mitigations
- Advanced return-oriented programming (ROP): learn the technique used to bypass data execution prevention
View the syllabus for the full list of course modules.
Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification.
Find out more: Certification Process | Course Details (who should take the course, syllabus, prerequisites) | Course Pricing

Course includes a 48-hour exam.

Learn about custom exploit development.

Gain access to a virtual penetration testing lab.

Earn your OSED certification.
Certification Process
The Offensive Security Exploit Developer (OSED) certification is an intermediate exploit development cert.
Once students have completed the EXP-301 course material and practiced their skills in the labs, they’re ready to take the certification exam. The OSED exam has a 48-hour time limit and consists of a hands-on test in our isolated VPN network. Students will receive the exam and connectivity instructions for machines with applications to which they have had no prior exposure.
This exam is proctored.
REAL-WORLD BENEFITS
A passing exam grade will confer the Offensive Security Exploit Developer certificate. Certified OSEDs have the skills and expertise necessary to bypass basic Windows security mitigations using custom exploits.

Register at least 10 days prior to desired start date.

Establish connection to the virtual lab.

Progress through course materials and practice your skills.

Schedule certification exam within 120 days of course completion.

Successfully complete 48-hour exam and earn your OSED.
WHO IS THIS COURSE FOR?
Windows User Mode Exploit Development is an intermediate course designed for those who want to learn about exploit development skills. For advanced pentesting, consider taking Evasion Techniques and Breaching Defenses (PEN-300). For web application security, try Advanced Web Attacks and Exploitation (WEB-300).
You are most likely to benefit if you are a:
- Penetration tester
- Exploit developer
- Security researcher
- Malware analyst
- Software developer working on security products, like antivirus software
COURSE OVERVIEW AND SYLLABUS
EXP-301 is an intermediate-level exploit development course that serves to build a solid foundation for students wanting to pursue AWE. Topics covered include:
- WinDbg tutorial
- Stack buffer overflows
- Exploiting SEH overflows
- Intro to IDA Pro
- Overcoming space restrictions: Egghunters
- Shellcode from scratch
- Reverse-engineering bugs
- Stack overflows and DEP/ASLR bypass
- Format string specifier attacks
- Custom ROP chains and ROP payload decoders
COURSE PREREQUISITES
All students should have the following prerequisite skills before starting the course:
- Familiarity with debuggers (ImmunityDBG, OllyDBG)
- Familiarity with basic exploitation concepts on 32-bit
- Familiarity with writing Python 3 code
The following optional skills are recommended:
- Ability to read and understand C code at a basic level
- Ability to read and understand 32-bit Assembly code at a basic level
The prerequisite skills can be obtained by taking our Penetration Testing with Kali Linux course.
WHAT COMPETENCIES WILL YOU GAIN?
- Using WinDbg
- Writing your own shellcode
- Bypassing basic security mitigations, including DEP and ASLR
- Exploiting format string specifiers
- The necessary foundations for finding bugs in binary applications to create custom exploits
SUPPORTING YOUR ONLINE JOURNEY
- 15+ hours of video
- 600+ page course guide
- Active student forums
- Access to virtual lab environment
Course Pricing
All prices in US dollars.
Packages |
|
---|---|
EXP-301 course + 60 days lab access + OSED exam certification fee | $1299 |
EXP-301 course + 90 days lab access + OSED exam certification fee | $1499 |
Retakes |
|
---|---|
OSED certification exam retake fee | $200 |
Lab Extensions |
|
---|---|
EXP-301 lab access – extension of 30 days | $359 |
EXP-301 lab access – extension of 60 days | $599 |
EXP-301 lab access – extension of 90 days | $799 |