Leader in the cybersecurity training sector.

Contact

Preparation Offensive Security Exploit Developer (OSED) 

Catégorie
Satisfaction rate
4.5
Success rate
5

The target audience for training

  • Cybersecurity professionals wishing to enhance their exploit development skills. 
  • Experienced pentesters wishing to specialise in exploiting binary vulnerabilities. 
  • Security researchers and malware analysts. 
  • Developers wishing to understand exploitation techniques to strengthen the security of their applications. 

What you will learn

Preparation for the Offensive Security Exploit Developer (OSED) certification will enable you to develop advanced skills in creating and developing exploits targeting system and software vulnerabilities. You will learn to analyse vulnerable programs in depth, understand modern protection mechanisms (such as ASLR, DEP, and sandboxing), and bypass these defences to write reliable and effective exploits. This course will also teach you reverse engineering techniques, advanced debugging and memory manipulation, preparing you to design sophisticated attacks and enhance your offensive security capabilities to an expert level.

Training programme

  • Duration: 5 days
  • Introduction to WinDbg 
    • Introduction to the interface and essential commands. 
    • Advanced debugging techniques. 
  • Stack Buffer Overflows 
    • Understanding buffer overflow vulnerabilities. 
    • Techniques for exploiting and bypassing protection. 
  • Exploitation of SEH Overflows 
    • Mechanisms for handling structured exceptions in Windows. 
    • Methods of exploiting SEH vulnerabilities.  
  • Introduction to IDA Pro (free version) 
    • Use of IDA Free for static analysis of binaries. 
    • Reverse engineering techniques to identify vulnerabilities.  
  • Bypassing space restrictions: Egghunters 
    • Creating and using egghunters to locate shellcode in memory. 
    • Techniques for injection into restricted memory spaces.  
  • Creating custom shellcode 
    • Writing shell code in assembler. 
    • Encoding and obfuscation to evade detection mechanisms. 
  • Reverse engineering of bugs 
    • Identification of vulnerabilities through static and dynamic analysis. 
    • Combined use of WinDbg and IDA Free for in-depth analysis.  
  • Bypass of DEP/ASLR protections with ROP chains 
    • Creation of ROP chains to bypass memory protections. 
    • Advanced stack handling techniques. 
  • String format attacks 
    • Understanding vulnerabilities related to format specifiers. 
    • Operating methods for arbitrary reading and writing to memory.

Training objectives

  • Master the development of Windows exploits in user mode on x86 architecture. 
  • Bypass modern security mechanisms such as DEP and ASLR. 
  • Develop custom ROP strings and write custom shellcode. 
  • Apply advanced reverse engineering techniques to identify vulnerabilities. 
  • Preparing for and passing the OSED certification exam.

Training prerequisites

  • Familiarity with debuggers such as WinDbg, ImmunityDBG or OllyDBG. 
  • Basic knowledge of operating on 32-bit architecture. 
  • Programming skills, particularly in Python 3. 
See the brochure for this course
  • Level : Intermediary
  • Certification body : ACG CYBERACADEMY
  • Certification: Yes
  • Accessibility : Yes
  • Duration: 5 days
Contact us
Book Now

Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).

Réserver l’événement

icône Form/calendar icon
icône Form/ticket icon
icône Form/up small icon icône Form/down small icon
Billets disponibles: Illimité
Le billet de "" est épuisé. Vous pouvez essayer un autre billet ou une autre date.

We use cookies to improve your experience. See our Cookie policy and our Privacy policy.

Information request

I would like more information about your training courses

ACG Cyberacademy collects and uses the data provided via this form in order to process your registration requests. Fields marked with an * are required. The other information enables us to optimise the follow-up of your request and the quality of our customer relations.