OSED — Windows User Mode Exploit Development (EXP-301)

Section 01

01. At a Glance

About the course

OSED is the entry point to OffSec's exploit-development track. Reverse engineer real Windows binaries, find vulnerabilities, build working exploits with custom shellcode and ROP chains.

Section 02

02. Who Is This Course For

• Exploit developers
• Vulnerability researchers
• Red team developers

Prerequisites

• x86 / x64 assembly familiarity
• C / C++ basics

Section 03

03. What You Will Be Able To Do

• Reverse Windows binaries with IDA / x64dbg
• Identify exploitable bugs (BoF, format strings, UAF)
• Build custom shellcode and ROP chains
• Pass the 48-hour OSED exam

Section 04

04. Curriculum — 13 Modules

Module structure and topic coverage authored by Macksofy Technologies based on the publicly-published vendor syllabus, current as of the issue date of this brochure. Vendor reserves the right to revise content; Macksofy keeps cohort material aligned to the latest release.

1. Module 01

   Module 01 · WinDbg and x86 Architecture

   4 topics
   • WinDbg essentials & commands
   • x86 / x64 register conventions
   • PE format basics
   • Stack & heap layout
2. Module 02

   Module 02 · Exploiting Stack Overflows

   4 topics
   • Vanilla EIP control
   • Bad-character analysis
   • Shellcode payload selection
   • Return-address calculation
3. Module 03

   Module 03 · Exploiting SEH Overflows

   3 topics
   • Structured Exception Handler chain
   • POP-POP-RET technique
   • SafeSEH considerations
4. Module 04

   Module 04 · Introduction to IDA Pro

   4 topics
   • Static analysis workflow
   • Function navigation & cross-references
   • FLIRT signatures
   • Hex-Rays decompiler basics
5. Module 05

   Module 05 · Overcoming Space Restrictions — Egghunters

   3 topics
   • Egghunter algorithms
   • Optimizing for limited buffers
   • Choosing eggs that survive sanitization
6. Module 06

   Module 06 · Creating Custom Shellcode

   3 topics
   • Writing assembly shellcode from scratch
   • Position-independent code
   • Encoder / decoder design
7. Module 07

   Module 07 · Reverse Engineering for Bugs

   3 topics
   • Identifying vulnerable functions
   • Tracing tainted input
   • Recognizing common vulnerability patterns
8. Module 08

   Module 08 · Stack Overflows and DEP Bypass

   3 topics
   • Data Execution Prevention (NX) introduction
   • Return-Oriented Programming (ROP)
   • Building ROP chains with mona.py
9. Module 09

   Module 09 · Stack Overflows and ASLR Bypass

   3 topics
   • Address-Space Layout Randomization
   • Information-leak vulnerabilities
   • Partial / full address overwrite
10. Module 10

    Module 10 · Format String Specifier Attack — Part 1

    3 topics
    • Format-string vulnerability theory
    • Reading arbitrary memory
    • Stack-frame disclosure
11. Module 11

    Module 11 · Format String Specifier Attack — Part 2

    2 topics
    • Writing arbitrary memory with %n
    • Achieving RCE via format strings
12. Module 12

    Module 12 · Trying Harder — The Labs (capstone)

    3 topics
    • Three full exploit chains
    • Reverse + exploit + payload chain
    • 48-hour exam preparation
13. Module 13

    Macksofy bootcamp · CTF practice & exploit walkthroughs

    3 topics
    • Modern Windows targets
    • Bypass-mitigation case studies
    • Mock 48-hour exam

Section 05

05. Tools You Will Operate

Section 06

06. Career Outcomes

Section 07

07. Placement Support

Macksofy's placement desk works directly with 80+ hiring partners across India and the UAE. Resume coaching, mock interviews and direct intros included.

• 1:1 resume + LinkedIn rewrite with our hiring desk
• Mock interviews with active practitioners
• Direct intros to BFSI, fintech and Big-4 partners
• UAE placement support (Dubai, Abu Dhabi)

Section 08

08. Why Macksofy

• Vendor-true delivery — Macksofy is a hands-on cybersecurity training provider delivering practitioner-led bootcamps with exam-prep support.
• Practitioner-led delivery — every Macksofy instructor is a working OSCP / OSWE / OSEP / CISA-certified consultant on real client engagements during the week.
• Mentor support until you pass — extended access to mentor office hours and exam-day prep at no additional cost.
• Placement desk — Macksofy works with 80+ hiring partners across India and the UAE; your post-course resume, portfolio review and mock interviews are included.
• Indian classroom + online cohorts — onsite delivery in Mumbai BKC and Hyderabad HITEC City; live virtual cohorts pan-India with recordings.

Section 09

09. How to Enrol

1. Submit the enquiry form at macksofy.com/contact or call +91 99308 24239.
2. A Macksofy advisor will respond within 4 business hours with the next batch dates, payment terms and invoice.
3. Confirm enrolment via NEFT / RTGS / corporate card. EMI options available for select courses.
4. Receive welcome kit, lab credentials and the cohort calendar within 24 hours of confirmation.