Cyber Security Category Banner Image

OffSec EXP-301 - Windows User Mode Exploit Development (OSED) - Self-paced

  • Length 90 days access
  • Price  NZD 2730 exc GST
  • Inclusions OSED exam
Course overview
Book now

Why study this course

Learn the fundamentals of modern 32-bit exploit development with this intermediate-level Windows User Mode Exploit Development (EXP-301) course, designed for those who want to learn about exploit development skills.

EXP-301 expands on many of the concepts covered in CTP, and prepares students to take on AWE and the OSEE. EXP-301 is an intermediate course that teaches the skills necessary to bypass DEP and ASLR security mitigations, create advanced custom ROP chains, reverse-engineer a network protocol and even create read and write primitives by exploiting format string specifiers.

Students who complete the course and pass the exam earn the OffSec Exploit Developer (OSED) certification, demonstrating their ability to create custom exploits.

The OSED is one of three certifications making up the OSCE³ certification, along with the OSWE for web application security and the OSEP for advanced penetration testing.

This self-paced course includes:

  • 15+ hours of video

  • 600+ page course guide

  • Active student forums

  • Access to virtual lab environment

  • OSED exam voucher

About the OSED exam:

  • The EXP-301 course and online lab prepares you for the OSED certification

  • 48-hour exam

  • Proctored

Learn more about the exam.

Request Course Information

What you’ll learn

  • Learn the fundamentals of reverse engineering

  • Create custom exploits

  • Develop the skills to bypass security mitigations

  • Write handmade Windows shellcode

  • Adapt older techniques to more modern versions of Windows

OffSec Partner Logo - Gold Channel

OffSec at Lumify Work

Security professionals from top organisations rely on OffSec to train and certify their personnel. Lumify Work is an Official Training Partner for OffSec.

Who is the course for?

Job roles such as penetration testers, exploit developers, security researchers, malware analysts, and software developers working on security products, could benefit from this course.

Course subjects

The course covers the following topics:

  • WinDbg tutorial

  • Stack buffer overflows

  • Exploiting SEH overflows

  • Intro to IDA Pro

  • Overcoming space restrictions: Egghunters

  • Shellcode from scratch

  • Reverse-engineering bugs

  • Stack overflows and DEP/ASLR bypass

  • Format string specifier attacks

  • Custom ROP chains and ROP payload decoders

View the full syllabus here.


All students are required to have:

  • Familiarity with debuggers (ImmunityDBG, OllyDBG)

  • Familiarity with basic exploitation concepts on 32-bit

  • Familiarity with writing Python 3 code

The following are optional but recommended:

  • Ability to read and understand C code at a basic level

  • Ability to read and understand 32-bit Assembly code at a basic level


Lumify Work offers certification and training through our partnership with OffSec. This arrangement requires Lumify Work to provide your details to OffSec for course and/or exam registration purposes.

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Request Course Information

Select and book a course

Can't find a date you like?

Contact sales