• Online, Self-Paced
Course Description

Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises. Students who loved buffer overflows in Penetration Testing with Kali Linux (PEN-200) will find that EXP-301 takes those skills to the next level. This course is one of the replacements for Cracking the Perimeter (CTP), which we retired on October 15, 2020. Course topics include: Reverse engineering: learn how to find a bug in a binary application and build an exploit from scratch DEP and ASLR bypasses: learn how to craft exploits for common security mitigations Advanced return-oriented programming (ROP): learn the technique used to bypass data execution prevention View the syllabus for the full list of course modules. Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification. The OSED is one of three certifications making up the new OSCE³ certification, along with the OSWE for web application security and the OSEP for penetration testing.

Learning Objectives

Using WinDbg Writing your own shellcode Bypassing basic security mitigations, including DEP and ASLR Exploiting format string specifiers The necessary foundations for finding bugs in binary applications to create custom exploits

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Exploitation Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.