OffSec EXP-301 (OSED) – Online 90 days access

Participants should have:

• Strong experience with penetration testing methodologies and vulnerability analysis
• Practical programming knowledge in the C programming language
• Familiarity with assembly language concepts
• Working knowledge of Windows operating system internals
• Experience using debugging tools such as WinDbg or Immunity Debugger
• Understanding of general exploit development concepts is recommended

Target audience

This course is designed for:

• Security professionals seeking to deepen expertise in exploit development
• Penetration testers who want to understand advanced vulnerability exploitation techniques
• Ethical hackers aiming to strengthen their reverse engineering and debugging capabilities
• Security researchers analysing software vulnerabilities in compiled applications
• Developers or security engineers interested in understanding low-level software exploitation

By the end of this course, learners will be able to:

• Explain the role of reverse engineering in vulnerability discovery and exploit development
• Describe the key stages involved in reverse engineering binary applications
• Analyse how programs process input and identify potential vulnerabilities in compiled code
• Apply reverse engineering techniques to understand program behaviour and execution flow
• Evaluate the differences between reverse engineering and fuzzing for vulnerability discovery
• Identify advantages and limitations of both reverse engineering and fuzzing techniques
• Trace program execution using static and dynamic analysis techniques
• Combine reverse engineering and fuzzing approaches to improve vulnerability discovery outcomes

WinDbg debugger fundamentals
This section introduces learners to the WinDbg debugger and demonstrates how it can be used to analyse application crashes and inspect program memory during vulnerability research.

• Navigating the WinDbg interface
• Analysing application crashes and exception handling
• Inspecting registers and memory structures
• Working with stack traces and debugging symbols
• Investigating memory dumps to identify vulnerabilities

Stack buffer overflows
Learners explore the fundamentals of stack-based memory corruption and how attackers exploit these vulnerabilities to gain control of program execution.

• Understanding stack memory architecture
• Identifying stack buffer overflow vulnerabilities
• Controlling instruction pointers during exploitation
• Constructing proof-of-concept exploits
• Developing reliable exploitation techniques

Exploiting structured exception handler overflows
This module examines Structured Exception Handler (SEH) exploitation techniques used to gain execution control during program crashes.

• Understanding Windows exception handling mechanisms
• Analysing SEH records and handlers
• Triggering controlled crashes in vulnerable applications
• Redirecting execution through SEH overwrites
• Developing reliable SEH exploitation strategies

Introduction to IDA Pro
Learners are introduced to IDA Pro and explore how it supports reverse engineering of compiled applications.

• Understanding disassembly and decompilation concepts
• Navigating the IDA Pro interface and analysis views
• Identifying functions, data structures, and program flow
• Integrating debugging techniques with static analysis
• Analysing vulnerable code paths in binary applications

Overcoming exploit space restrictions
This section introduces techniques used when exploit payload size is limited, focusing on locating and executing shellcode efficiently.

• Understanding payload size restrictions
• Locating shellcode within memory
• Using egghunter techniques to find payloads
• Executing staged payloads in constrained environments
• Improving exploit reliability in restricted memory conditions

Shellcode development from scratch
Learners develop the skills required to write custom shellcode capable of performing targeted actions on compromised systems.

• Understanding shellcode architecture and constraints
• Writing shellcode for Windows environments
• Avoiding bad characters in payloads
• Optimising shellcode size and reliability
• Testing shellcode execution within exploit payloads

Reverse engineering software vulnerabilities
Participants analyse compiled binaries to locate exploitable flaws and understand how vulnerabilities occur in real-world applications.

• Analysing binary code paths for vulnerabilities
• Investigating program input parsing routines
• Identifying memory corruption vulnerabilities
• Tracing execution paths through disassembled code
• Building proof-of-concept exploit strategies

Stack overflows and mitigation bypass techniques
This module explores how modern operating systems attempt to prevent exploitation and how attackers bypass these protections.

• Understanding Data Execution Prevention protections
• Analysing Address Space Layout Randomization
• Bypassing memory protection mechanisms
• Constructing exploit payloads that evade mitigations
• Evaluating reliability of mitigation bypass techniques

Format string vulnerability exploitation
Learners examine format string vulnerabilities and explore how these flaws allow attackers to read or manipulate memory.

• Understanding format string specifiers in C applications
• Identifying vulnerable code patterns
• Leveraging format string vulnerabilities for memory disclosure
• Creating arbitrary memory read primitives
• Developing exploit strategies using format string vulnerabilities

Return oriented programming and advanced exploitation
This section focuses on advanced techniques used to bypass modern security mechanisms through Return-Oriented Programming.

• Understanding the principles of Return-Oriented Programming
• Identifying usable instruction gadgets within binaries
• Constructing custom Return-Oriented Programming chains
• Building payload decoders for advanced exploit delivery
• Combining techniques to achieve reliable exploitation

Challenge labs and exploit development practice
After completing the core modules, learners apply their knowledge through challenge labs designed to simulate real-world vulnerability research scenarios.

• Analysing vulnerable applications independently
• Developing full exploit chains
• Applying reverse engineering techniques in realistic environments
• Validating exploit reliability and execution control
• Preparing for advanced exploit development assessments

Exams and assessments

The OffSec EXP-301 (OSED) exam is included within the course. Learners complete extensive hands-on labs throughout the course to reinforce the concepts presented.

Three challenge labs are included to test learners’ understanding of exploit development techniques and vulnerability analysis. These labs simulate realistic exploitation scenarios and help prepare participants for advanced exploit development certification assessments.

Hands-on learning

This course includes:

• Hands-on labs that guide learners through exploit development techniques
• Practical debugging and reverse engineering exercises using real tools
• Vulnerability analysis activities using compiled software binaries
• Challenge labs designed to test exploit development skills in realistic scenarios

• Exam included