Exp-401 Advanced Windows Exploitation


With DEP enabled, an attacker cannot simply jump to the stack to execute shellcode. The solution is ROP. EXP-401 dives deep into chaining small snippets of existing, executable code (gadgets) found within the target binary or loaded DLLs. Students learn to manually construct ROP chains that:

As of recent years, OffSec retired the EXP-401 course code in favor of and the advanced OSEE (Offensive Security Exploitation Expert). However, the legacy of EXP-401 lives on. The OSEE exam is widely considered the final boss of Windows certification—requiring you to bypass SMEP, CFG, and kASLR in a single exploit chain.

With the rise of and memory-safe languages, some ask: "Is low-level exploitation dying?"