Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises. Students who loved buffer overflows in Penetration Testing with Kali Linux (PEN-200) will find that EXP-301 takes those skills to the next level.
This course is one of the replacements for Cracking the Perimeter (CTP), which we retired on October 15, 2020.
Course topics include:
- Reverse engineering: learn how to find a bug in a binary application and build an exploit from scratch
- DEP and ASLR bypasses: learn how to craft exploits for common security mitigations
- Advanced return-oriented programming (ROP): learn the technique used to bypass data execution prevention
View the syllabus for the full list of course modules.
Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification. The OSED is one of three certifications making up the new OSCE³ certification, along with the OSWE for web application security and the OSEP for penetration testing.
Learning Objectives
- Using WinDbg
- Writing your own shellcode
- Bypassing basic security mitigations, including DEP and ASLR
- Exploiting format string specifiers
- The necessary foundations for finding bugs in binary applications to create custom exploits
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis
- Vulnerability Assessment and Management
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.