[Webinar] Start with Why: How to Sustain Intrinsic Motivation in Cyber Teams - Register now
ShePwns

Empowering women to take control
of their path in cybersecurity

Gain insights from industry-leading women
and enter to win a Learn One subscription.

Join the movement

E-books & Guides

Dec 8, 2022

EXP-301: Windows User Mode Exploit Development Guide

Explore the free guide to learn more about the Windows User Mode Exploit Development (EXP-301) course.

OffSec Team

2 min read

About the course

Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development.

It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises. Those who complete the course and pass the 48-hour exam earn the Offensive Security Exploit Developer (OSED) certification.

Course Topics

  • Exploiting SEH overflows
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders

Student Reviews

“w00tw00t!! I’ve almost lost my own sanity at this until I popped that shell which barely passed the exam. It was so tough that you have to combine everything that has been taught on the course: stack/SEH overflow, reverse engineering, custom shellcode, egghunter, ASLR/DEP bypass, and custom ROP chain. Overall, that was a hell of a challenge that kept me awake for 48 hours with almost no sleep but it’s all worth it. Thank you OffSec and I’ll be seeing you again for the next couple of weeks for the OSEP exam.”

 – Ronald Ocubillo | OSCP, OSCE , CRTO

 

“ Finally OSED! After 36 hours of no sleep, I finally succeeded. This is, by far, the most challenging (and fun) exam of OffSec I have done so far, but It was worth the time; the content is extremely well structured :)”

– Jorge Giménez Duro | Ethical Hacker at Security Research Labs

 

“I’m delighted to pass the Offensive Security Exploit Development course, and in so doing, achieved the Offensive Security Certified Expert (OSCE3)! OSCE3 holders must have passed all three of Offensive Security’s 300-level courses: Windows User Mode Exploit Development (EXP-301), Evasion Techniques and Breaching Defenses (PEN-300), and Advanced Web Attacks and Exploitation (WEB-300). This was the hardest exam I’ve taken so far. It was truly a beast of a challenge but it demonstrated all the hallmarks of the OffSec “try harder” rigor. On to the next!”

 – Eugene Lim | Cybersecurity Specialist

Start your journey with Learn One

Latest from OffSec

Federal

Addressing the Unique Cybersecurity Challenges Faced by Government Agencies

Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.

Feb 12, 2025

8 min read

Enterprise Security

Building a Cyber-Resilient Public Sector Through Hands-on Security Training

Learn how hands-on cybersecurity training equips public sector teams to protect critical infrastructure, featuring real-world cases from Atlanta, Oldsmar, and Texas that demonstrate why practical experience trumps theoretical knowledge alone. Discover why agencies are moving beyond certifications to combat-ready security training.

Feb 5, 2025

4 min read

Research & Tutorials

CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability

Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.

Feb 3, 2025

3 min read
View all blogs