Offensive Security EXP-301: A course teaching the fundamentals of exploit development
Offensive Security announced the launch of Windows User Mode Exploit Development (EXP-301), a new course focused on exploit development and reverse engineering techniques. EXP-301 teaches the fundamentals of exploit development, and emphasizes the techniques that security researchers must learn to understand and attack standard Windows protections.
“Security today requires constantly staying one step ahead of attackers, and this necessitates a creative, curious, adversarial mindset,” said Ning Wang, CEO, Offensive Security.
“Defenders must not only understand all the defense techniques that enterprises employ, but also be able to take the next step and infer from there how attackers work to bypass these defenses. At OffSec we are committed to continually updating our training offerings with new courses like EXP-301 to keep our students thinking adversarially.”
The EXP-301 course gives students a firm command of the techniques needed to bypass popular Windows defenses such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).
The course also emphasizes techniques for reverse engineering binary applications and identifying security weaknesses. Students who complete the new course are eligible to sit for their EXP-301 exam and earn the new Offensive Security Exploit Development (OSED) certification, demonstrating their ability to create custom exploits.
Obtaining the OSED certification puts students on the path to acquiring the new Offensive Security Certified Expert – Three (OSCE3) designation. By passing the relevant exams for EXP-301, PEN-300, and WEB-300 (AWAE) a student is automatically granted their OSCE3, demonstrating expertise in Offensive Security’s three primary learning paths: Penetration Testing, Web Application Attacks, and Exploit Development.
A pure exploit development and reverse engineering course geared for the intermediate level that expands on concepts covered in the recently retired Cracking the Perimeter (CTP) course, EXP-301 emphasizes important offensive security techniques and begins to prepare students for the notorious Advanced Windows Exploitation (AWE) course and the Offensive Security Exploitation Expert (OSEE) certification.
EXP-301 teaches the skills necessary to bypass DEP and ASLR security mitigations, create advanced custom Return-Oriented Programming (ROP) chains, reverse-engineer a network protocol and even create read and write primitives by exploiting format string specifiers.