
OSEE OffSec Exploitation Expert - Advanced Windows Exploitation (EXP-401)

post-event
price $12,375
OffSec
Advanced
5 Days
Penetration Testing
Sat 18 Nov - Wed 22 Nov

Summary

Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft’s defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges learners to develop creative solutions that work in today’s increasingly difficult exploitation environment.

The case studies in AWE are large, well-known applications that are widely deployed in enterprise networks. The course dives deep into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to 64-bit kernel exploitation.

AWE is a particularly demanding penetration testing course. It requires a significant amount of student-instructor interaction. Therefore, we limit AWE courses to a live, hands-on environment at Black Hat USA in Las Vegas, NV.

Detailed Description

Advanced Windows Exploitation (AWE) is our most demanding Offensive Security Course, featuring a sophisticated hands-on computer lab environment challenging you to bring out your best penetration testing skills.

Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft’s defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges students to develop creative solutions that work in today’s increasingly difficult exploitation environment.

This is the hardest course we offer and it requires a significant time investment. Learners need to commit to reading case studies and reviewing the provided reading material each evening.

The OSEE is the most difficult exploit development certification you can earn. We recommend completing the 300-level certifications before registering for this course.

Students who complete EXP-401 and pass the exam will earn the Offensive Security Exploitation Expert (OSEE) certification. The OSEE exam assesses not only the course content, but also the ability to think laterally and adapt to new challenges.

The virtual lab environment has a limited number of target systems. The software within contains specific, unknown vulnerabilities. Students have 72 hours to develop and document exploits. The exam requires a stable, high-speed internet connection.

You must submit a comprehensive penetration test report as part of the exam. It should contain in-depth notes and screenshots detailing the steps and exploit methods used.

Benefits

  • Analyze vulnerable software 
  • Find problematic code
  • Develop a functioning exploit for various modern Windows operating systems

Agenda / Topics to be Covered

  • Bypass and evasion of user mode security mitigations such as DEP, ASLR, CFG, ACG and CET
  • Advanced heap manipulations to obtain code execution along with guest-to-host and sandbox escapes
  • Disarming WDEG mitigations and creating version independence for weaponization
  • 64-Bit Windows Kernel Driver reverse engineering and vulnerability discovery
  • Bypass of kernel mode security mitigations such as kASLR, NX, SMEP, SMAP, kCFG and HVCI

Student requirements [knowledge pre-requisites]:

Learners should be experienced in developing Windows exploits and understand how to operate a debugger. Familiarity with WinDbg, x86_64 assembly, IDA Pro and basic C/C++ programming is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this security training course.

What students should bring with them to the class: 

Bring a serious laptop for this course. It should be able to run three VMs with ease. Please do not bring netbooks or other low-resolution systems. The only supported host operating system is Windows 10.

  • VMware Workstation 15 or higher
  • 64-bit CPU with a minimum of 4 cores along with support for NX, SMEP, VT-d/IOMMU and VT-x/EPT
  • At least 160 GB HD free
  • At least 16 GB of RAM

What students will be provided with onsite:  

  • Wi-Fi Internet

About the Exam 

  • This course may qualify you for 40 (ISC)² CPE Credits after you submit your documentation at the end of the training course or pass the certification challenge.
  • 48-hour exam