Learning Solutions

Learning Library

Courses & Certifications

Industry-leading certifications and training for continuous learning

Job Roles

Rigorous training content and labs for the most critical and in-demand job roles

Industry Frameworks

MITRE ATT&CK- and D3FEND-aligned learning paths

Explore Learning Library

Cyber Ranges

Enterprise Cyber Range & Versus

Set up tournaments and test red and blue team skills in a live-fire cyber range

Offensive Cyber Range

Train on the latest attack vectors to address vulnerabilities

Defensive Cyber Range

Prepare for the next attack with simulated real-world training environments

Watch a demo
Why OffSec

Organizations

Teams & Enterprises

Continuous learning & hands-on skills development for cybersecurity teams

Public Sector

Unique training for government agencies and educational institutions

Use Cases

Meet critical cyber workforce needs with OffSec's learning platform

Contact sales

Individuals

Attain a Certification

Prove critical knowledge & skills with an industry-standard certification

Get Hands-on Practice

Challenge yourself in real-world lab environments

Increase Career Prospects

Ready yourself for the next step in your cybersecurity career

Register now
Plans & Pricing

Organizations

Subscription Pricing

Provide continuous Learning Library access to build cyber workforce resilience

Cyber Ranges

Hands-on training in live-fire, simulation environments

Pentesting Services

Let OffSec conduct a comprehensive vulnerability assessment

Contact sales

Individuals

Pricing

Flexible options based on your learning goals

Learn One
Learn One

12-month access to a single course, related labs, and two exam attempts

Course & Certification Bundle
Course & Certification Bundle

90-day access to a single course, related labs, and one exam attempt

Learn Fundamentals
Learn Fundamentals

12-month access to introductory- and essential-level content

Proving Grounds Labs

OffSec-curated private labs to practice and perfect your pentesting skills

Register now
Partners
Global Partner Program
Partner Portal Login
Find a Partner

Become a Partner

Add OffSec to your list of training providers

Partner with us
Kali & Community
Join Our Community
Kali Linux
Community Projects
OffSec Discord
OffSec Live

Connect with us

OffSec office hours every Friday on Twitch

OffSec Twitch
Resources
2024 Global Infosec Award Winner

OffSec Wins Seven Global InfoSec Awards during RSA Conference 2024

Read blog
← Back to E-book & Guides
E-book & Guide
Thursday, December 8th 2022

EXP-301: Windows User Mode Exploit Development Guide

Explore the free guide to learn more about the Windows User Mode Exploit Development (EXP-301) course.

Featured Article

About the course

Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development.

It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises. Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification.

Course Topics

  • Exploiting SEH overflows
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders

Student Reviews

“w00tw00t!! I've almost lost my own sanity at this until I popped that shell which barely passed the exam. It was so tough that you have to combine everything that has been taught on the course: stack/SEH overflow, reverse engineering, custom shellcode, egghunter, ASLR/DEP bypass, and custom ROP chain. Overall, that was a hell of a challenge that kept me awake for 48 hours with almost no sleep but it's all worth it. Thank you OffSec and I'll be seeing you again for the next couple of weeks for the OSEP exam.”

 - Ronald Ocubillo | OSCP, OSCE , CRTO

 

“ Finally OSED! After 36 hours of no sleep, I finally succeeded. This is, by far, the most challenging (and fun) exam of OffSec I have done so far, but It was worth the time; the content is extremely well structured :)”

- Jorge Giménez Duro | Ethical Hacker at Security Research Labs

 

“I'm delighted to pass the Offensive Security Exploit Development course, and in so doing, achieved the Offensive Security Certified Expert (OSCE3)! OSCE3 holders must have passed all three of Offensive Security's 300-level courses: Windows User Mode Exploit Development (EXP-301), Evasion Techniques and Breaching Defenses (PEN-300), and Advanced Web Attacks and Exploitation (WEB-300). This was the hardest exam I've taken so far. It was truly a beast of a challenge but it demonstrated all the hallmarks of the OffSec "try harder" rigor. On to the next!”

 - Eugene Lim | Cybersecurity Specialist

Start your journey with Learn One