Offsec EXP-301: Windows User Mode Exploit Development

  • Category Other
  • Type Tutorials
  • Language English
  • Total size 2.6 GB
  • Uploaded By hazing4864
  • Downloads 54
  • Last checked 3 hours ago
  • Date uploaded 9 hours ago
  • Seeders 12
  • Leechers 7

Infohash : 441384269579771BAD49166B8D2E960326D9A28F





Year - 2022/2023

EXP-301 (Windows User Mode Exploit Development) is an intermediate course on modern exploit development techniques. Learners gain hands-on experience crafting custom exploits and bypassing security defenses designed to elevate their skills in ethical hacking and vulnerability discovery. It will also provide an introduction to reverse engineering binary applications to help locate vulnerabilities. Completion of this course will prove the learner's expertise in advanced exploit development techniques, including reverse engineering, writing shellcode, and bypassing modern mitigations, making certified professionals invaluable for identifying and addressing vulnerabilities in software applications.

Files:

VIDEOS EXP-301
  • 0.EXP301-COPY_00_00-Copyright.mp4 (995.4 KB)
  • 1.EXP301-WINDBG_00_00-WinDbg and x86 Architecture.mp4 (789.2 KB)
  • 10.EXP301-WINDBG_03_00-Accessing and Manipulating Memory from WinDbg.mp4 (770.3 KB)
  • 100.EXP301-SHELL_05_02-Position-Independent Shellcode.mp4 (17.0 MB)
  • 101.EXP301-SHELL_06_00-Reverse Shell.mp4 (2.6 MB)
  • 102.EXP301-SHELL_06_01-Loading ws2_32.dll and Resolving Symbols.mp4 (15.8 MB)
  • 103.EXP301-SHELL_06_02-Calling WSAStartup.mp4 (18.0 MB)
  • 104.EXP301-SHELL_06_03-Calling WSASocket.mp4 (14.3 MB)
  • 105.EXP301-SHELL_06_04-Calling WSAConnect.mp4 (22.9 MB)
  • 106.EXP301-SHELL_06_05-Calling CreateProcessA.mp4 (25.7 MB)
  • 107.EXP301-SHELL_07_00-Wrapping Up.mp4 (1.2 MB)
  • 108.EXP301-REV_00_00-Reverse Engineering for Bugs.mp4 (4.7 MB)
  • 109.EXP301-REV_01_00-Installation and Enumeration.mp4 (1.0 MB)
  • 11.EXP301-WINDBG_03_01-Unassemble from Memory.mp4 (3.1 MB)
  • 110.EXP301-REV_01_01-Installing Tivoli Storage Manager.mp4 (5.4 MB)
  • 111.EXP301-REV_01_02-Enumerating an Application.mp4 (9.5 MB)
  • 112.EXP301-REV_02_00-Interacting with Tivoli Storage Manager.mp4 (3.1 MB)
  • 113.EXP301-REV_02_01-Hooking the recv API.mp4 (9.8 MB)
  • 114.EXP301-REV_02_02-Synchronizing WinDbg and IDA Pro.mp4 (18.7 MB)
  • 115.EXP301-REV_02_03-Tracing the Input.mp4 (9.8 MB)
  • 116.EXP301-REV_02_04-Checksum Please.mp4 (89.0 MB)
  • 117.EXP301-REV_03_00-Reverse Engineering the Protocol.mp4 (1.4 MB)
  • 118.EXP301-REV_03_01-Header-Data Separation.mp4 (58.5 MB)
  • 119.EXP301-REV_03_02-Reversing the Header.mp4 (54.7 MB)
  • 12.EXP301-WINDBG_03_02-Reading from Memory.mp4 (5.2 MB)
  • 120.EXP301-REV_03_03-Exploiting Memcpy.mp4 (24.7 MB)
  • 121.EXP301-REV_03_04-Getting EIP Control.mp4 (17.1 MB)
  • 122.EXP301-REV_04_00-Digging Deeper to Find More Bugs.mp4 (1.3 MB)
  • 123.EXP301-REV_04_01-Switching Execution.mp4 (25.8 MB)
  • 124.EXP301-REV_04_02-Going Down 0x534.mp4 (55.7 MB)
  • 125.EXP301-REV_05_00-Wrapping Up.mp4 (964.7 KB)
  • 126.EXP301-DEP_00_00-Stack Overflows and DEP Bypass.mp4 (1.5 MB)
  • 127.EXP301-DEP_01_00-Data Execution Prevention.mp4 (1,015.0 KB)
  • 128.EXP301-DEP_01_01-DEP Theory.mp4 (12.4 MB)
  • 129.EXP301-DEP_01_02-Windows Defender Exploit Guard.mp4 (17.8 MB)
  • 13.EXP301-WINDBG_03_03-Dumping Structures from Memory.mp4 (9.7 MB)
  • 130.EXP301-DEP_02_00-Return Oriented Programming.mp4 (1.8 MB)
  • 131.EXP301-DEP_02_01-Origins of Return Oriented Programming Exploitation.mp4 (4.0 MB)
  • 132.EXP301-DEP_02_02-Return Oriented Programming Evolution.mp4 (10.2 MB)
  • 133.EXP301-DEP_03_00-Gadget Selection.mp4 (1.4 MB)
  • 134.EXP301-DEP_03_01-Debugger Automation Pykd.mp4 (35.8 MB)
  • 135.EXP301-DEP_03_02-Optimized Gadget Discovery RP.mp4 (7.6 MB)
  • 136.EXP301-DEP_04_00-Bypassing DEP.mp4 (1.9 MB)
  • 137.EXP301-DEP_04_01-Getting The Offset.mp4 (18.4 MB)
  • 138.EXP301-DEP_04_02-Locating Gadgets.mp4 (8.5 MB)
  • 139.EXP301-DEP_04_03-Preparing the Battlefield.mp4 (9.2 MB)
  • 14.EXP301-WINDBG_03_04-Writing to Memory.mp4 (2.1 MB)
  • 140.EXP301-DEP_04_04-Making ROPs Acquaintance.mp4 (15.6 MB)
  • 141.EXP301-DEP_04_05-Obtaining VirtualAlloc Address.mp4 (51.5 MB)
  • 142.EXP301-DEP_04_06-Patching the Return Address.mp4 (31.0 MB)
  • 143.EXP301-DEP_04_07-Patching Arguments.mp4 (37.6 MB)
  • 144.EXP301-DEP_04_08-Executing VirtualAlloc.mp4 (21.2 MB)
  • 145.EXP301-DEP_04_09-Getting a Reverse Shell.mp4 (8.9 MB)
  • 146.EXP301-DEP_05_00-Wrapping Up.mp4 (1.3 MB)
  • 147.EXP301-ASLR_00_00-Stack Overflows and ASLR Bypass.mp4 (1.2 MB)
  • 148.EXP301-ASLR_01_00-ASLR Introduction.mp4 (1.0 MB)
  • 149.EXP301-ASLR_01_01-ASLR Implementation.mp4 (2.8 MB)
  • 15.EXP301-WINDBG_03_05-Searching the Memory Space.mp4 (8.7 MB)
  • 150.EXP301-ASLR_01_02-ASLR Bypass Theory.mp4 (9.0 MB)
  • 151.EXP301-ASLR_01_03-Windows Defender Exploit Guard and ASLR.mp4 (11.9 MB)
  • 152.EXP301-ASLR_02_00-Finding Hidden Gems.mp4 (1.8 MB)
  • 153.EXP301-ASLR_02_01-FXCLI_DebugDispatch.mp4 (20.9 MB)
  • 154.EXP301-ASLR_02_02-Arbitrary Symbol Resolution.mp4 (32.7 MB)
  • 155.EXP301-ASLR_02_03-Returning the Goods.mp4 (49.8 MB)
  • 156.EXP301-ASLR_03_00-Expanding our Exploit (ASLR Bypass).mp4 (1.5 MB)
  • 157.EXP301-ASLR_03_01-Leaking an IBM Module.mp4 (13.0 MB)
  • 158.EXP301-ASLR_03_02-Is That a Bad Character.mp4 (18.0 MB)
  • 159.EXP301-ASLR_04_00-Bypassing DEP with WriteProcessMemory.mp4 (1.3 MB)
  • 16.EXP301-WINDBG_03_06-Inspecting and Editing CPU Registers in WinDbg.mp4 (1.9 MB)
  • 160.EXP301-ASLR_04_01-WriteProcessMemory.mp4 (55.0 MB)
  • 161.EXP301-ASLR_04_02-Getting Our Shell.mp4 (24.4 MB)
  • 162.EXP301-ASLR_04_03-Handmade ROP Decoder.mp4 (40.5 MB)
  • 163.EXP301-ASLR_04_04-Automating the Shellcode Encoding.mp4 (5.0 MB)
  • 164.EXP301-ASLR_04_05-Automating the ROP Decoder.mp4 (41.3 MB)
  • 165.EXP301-ASLR_05_00-Wrapping Up.mp4 (1.4 MB)
  • 166.EXP301-FSSA1_00_00-Format String Specifier Attack Part I.mp4 (1.8 MB)
  • 167.EXP301-FSSA1_01_00-Format String Attacks.mp4 (499.7 KB)
  • 168.EXP301-FSSA1_01_01-Format String Theory.mp4 (5.9 MB)
  • 169.EXP301-FSSA1_01_02-Exploiting Format String Specifiers.mp4 (17.3 MB)
  • 17.EXP301-WINDBG_04_00-Controlling the Program Execution in WinDbg.mp4 (1.3 MB)
  • 170.EXP301-FSSA1_02_00-Attacking IBM Tivoli FastBackServer.mp4 (1.2 MB)
  • 171.EXP301-FSSA1_02_01-Investigating the EventLog Function.mp4 (15.3 MB)
  • 172.EXP301-FSSA1_02_02-Reverse Engineering a Path.mp4 (31.4 MB)
  • 173.EXP301-FSSA1_02_03-Invoke the Specifiers.mp4 (20.4 MB)
  • 174.EXP301-FSSA1_03_00-Reading the Event Log.mp4 (1.1 MB)
  • 175.EXP301-FSSA1_03_01-The Tivoli Event Log.mp4 (25.1 MB)
  • 176.EXP301-FSSA1_03_02-Remote Event Log Service.mp4 (36.0 MB)
  • 177.EXP301-FSSA1_03_03-Read From an Index.mp4 (51.4 MB)
  • 178.EXP301-FSSA1_03_04-Read From the Log.mp4 (25.3 MB)
  • 179.EXP301-FSSA1_03_05-Return the Log Content.mp4 (15.2 MB)
  • 18.EXP301-WINDBG_04_01-Software Breakpoints.mp4 (10.4 MB)
  • 180.EXP301-FSSA1_04_00-Bypassing ASLR with Format Strings.mp4 (1.1 MB)
  • 181.EXP301-FSSA1_04_01-Parsing the Event Log.mp4 (32.8 MB)
  • 182.EXP301-FSSA1_04_02-Leak Stack Address Remotely.mp4 (24.3 MB)
  • 183.EXP301-FSSA1_04_03-Saving the Stack.mp4 (5.6 MB)
  • 184.EXP301-FSSA1_04_04-Bypassing ASLR.mp4 (45.0 MB)
  • 185.EXP301-FSSA1_05_00-Wrapping Up.mp4 (1.3 MB)
  • 186.EXP301-FSSA2_00_00-Format String Specifier Attack Part II.mp4 (1.1 MB)
  • 187.EXP301-FSSA2_01_00-Write Primitive with Format Strings.mp4 (1.2 MB)
  • 188.EXP301-FSSA2_01_01-Format String Specifiers Revisited.mp4 (6.2 MB)
  • 189.EXP301-FSSA2_01_02-Overcoming Limitations.mp4 (49.7 MB)
  • 19.EXP301-WINDBG_04_02-Unresolved Function Breakpoint.mp4 (8.6 MB)
  • 190.EXP301-FSSA2_01_03-Write to the Stack.mp4 (31.2 MB)
  • 191.EXP301-FSSA2_01_04-Going for a DWORD.mp4 (7.1 MB)
  • 192.EXP301-FSSA2_02_00-Overwriting EIP with Format Strings.mp4 (949.2 KB)
  • 193.EXP301-FSSA2_02_01-Locating a Target.mp4 (23.9 MB)
  • 194.EXP301-FSSA2_02_02-Obtaining EIP Control.mp4 (12.9 MB)
  • 195.EXP301-FSSA2_03_00-Locating Storage Space.mp4 (748.4 KB)
  • 196.EXP301-FSSA2_03_01-Finding Buffers.mp4 (16.7 MB)
  • 197.EXP301-FSSA2_03_02-Stack Pivot.mp4 (16.4 MB)
  • 198.EXP301-FSSA2_04_00-Getting Code Execution.mp4 (953.0 KB)
  • 199.EXP301-FSSA2_04_01-ROP Limitations.mp4 (15.9 MB)
  • 2.EXP301-WINDBG_01_00-Introduction to x86 Architecture.mp4 (394.6 KB)
  • 20.EXP301-WINDBG_04_03-Breakpoint-Based Actions.mp4 (11.0 MB)
  • 200.EXP301-FSSA2_04_02-Getting a Shell.mp4 (4.2 MB)
  • 201.EXP301-FSSA2_05_00-Wrapping Up.mp4 (935.0 KB)
  • 21.EXP301-WINDBG_04_04-Hardware Breakpoints.mp4 (14.4 MB)
  • 22.EXP301-WINDBG_04_05-Stepping Through the Code.mp4 (12.3 MB)
  • 23.EXP301-WINDBG_05_00-Additional WinDbg Features.mp4 (799.5 KB)
  • 24.EXP301-WINDBG_05_01-Listing Modules and Symbols in WinDbg.mp4 (10.6 MB)
  • 25.EXP301-WINDBG_05_02-Using WinDbg as a Calculator.mp4 (2.0 MB)
  • 26.EXP301-WINDBG_05_03-Data Output Format.mp4 (2.2 MB)
  • 27.EXP301-WINDBG_05_04-Pseudo Registers.mp4 (3.0 MB)
  • 28.EXP301-WINDBG_06_00-Wrapping Up.mp4 (1.4 MB)
  • 29.EXP301-STACKOF_00_00-Exploiting Stack Overflows.mp4 (1.2 MB)
  • 3.EXP301-WINDBG_01_01-Program Memory.mp4 (4.4 MB)
  • 30.EXP301-STACKOF_01_00-Stack Overflows Introduction.mp4 (6.6 MB)
  • 31.EXP301-STACKOF_02_00-Installing the Sync Breeze Application.mp4 (6.4 MB)
  • 32.EXP301-STACKOF_03_00-Crashing the Sync Breeze Application.mp4 (9.8 MB)
  • 33.EXP301-STACKOF_04_00-Win32 Buffer Overflow Exploitation.mp4 (720.5 KB)
  • 34.EXP301-STACKOF_04_01-A Word About DEP ASLR and CFG.mp4 (2.2 MB)
  • 35.EXP301-STACKOF_04_02-Controlling EIP.mp4 (19.3 MB)
  • 36.EXP301-STACKOF_04_03-Locating Space for Our Shellcode.mp4 (16.6 MB)
  • 37.EXP301-STACKOF_04_04-Checking for Bad Characters.mp4 (15.7 MB)
  • 38.EXP301-STACKOF_04_05-Redirecting the Execution Flow.mp4 (1.3 MB)
  • 39.EXP301-STACKOF_04_06-Finding a Return Address.mp4 (34.7 MB)
  • 4.EXP301-WINDBG_01_02-CPU Registers.mp4 (5.4 MB)
  • 40.EXP301-STACKOF_04_07-Generating Shellcode with Metasploit.mp4 (5.5 MB)
  • 41.EXP301-STACKOF_04_08-Getting a Shell.mp4 (16.2 MB)
  • 42.EXP301-STACKOF_04_09-Improving the Exploit.mp4 (5.4 MB)
  • 43.EXP301-STACKOF_05_00-Wrapping Up.mp4 (1.1 MB)
  • 44.EXP301-SEH_00_00-Exploiting SEH Overflows.mp4 (1.6 MB)
  • 45.EXP301-SEH_01_00-Installing the Sync Breeze Application.mp4 (7.1 MB)
  • 46.EXP301-SEH_02_00-Crashing Sync Breeze.mp4 (3.5 MB)
  • 47.EXP301-SEH_03_00-Analyzing the Crash in WinDbg.mp4 (4.1 MB)
  • 48.EXP301-SEH_04_00-Introduction to Structured Exception Handling.mp4 (1.9 MB)
  • 49.EXP301-SEH_04_01-Understanding SEH.mp4 (11.1 MB)
  • 5.EXP301-WINDBG_02_00-Introduction to Windows Debugger.mp4 (943.1 KB)
  • 50.EXP301-SEH_04_02-SEH Validation.mp4 (6.1 MB)
  • 51.EXP301-SEH_05_00-Structured Exception Handler Overflows.mp4 (30.8 MB)
  • 52.EXP301-SEH_05_01-Gaining Code Execution.mp4 (26.6 MB)
  • 53.EXP301-SEH_05_02-Detecting Bad Characters.mp4 (9.6 MB)
  • 54.EXP301-SEH_05_03-Finding a PPR Instruction Sequence.mp4 (29.5 MB)
  • 55.EXP301-SEH_05_04-Island-Hopping in Assembly.mp4 (40.7 MB)
  • 56.EXP301-SEH_05_05-Obtaining a Shell.mp4 (9.9 MB)
  • 57.EXP301-SEH_06_00-Wrapping Up.mp4 (1.2 MB)
  • 58.EXP301-IDA_00_00-Introduction to IDA Pro.mp4 (2.3 MB)
  • 59.EXP301-IDA_01_00-IDA Pro 101.mp4 (1.0 MB)
  • 6.EXP301-WINDBG_02_01-What is a Debugger.mp4 (1.5 MB)
  • 60.EXP301-IDA_01_01-Installing IDA Pro.mp4 (2.7 MB)
  • 61.EXP301-IDA_01_02-The IDA Pro User Interface.mp4 (18.4 MB)
  • 62.EXP301-IDA_01_03-Basic Functionality.mp4 (11.5 MB)
  • 63.EXP301-IDA_01_04-Search Functionality.mp4 (8.4 MB)
  • 64.EXP301-IDA_02_00-Working with IDA Pro.mp4 (1.1 MB)
  • 65.EXP301-IDA_02_01-Static-Dynamic Analysis Synchronization.mp4 (10.7 MB)
  • 66.EXP301-IDA_02_02-Tracing Notepad.mp4 (18.5 MB)
  • 67.EXP301-IDA_03_00-Wrapping Up.mp4 (1.2 MB)
  • 68.EXP301-EGG_00_00-Overcoming Space Restrictions Egghunters.mp4 (1.5 MB)
  • 69.EXP301-EGG_01_00-Crashing the Savant Web Server.mp4 (9.3 MB)
  • 7.EXP301-WINDBG_02_02-WinDbg Interface.mp4 (4.4 MB)
  • 70.EXP301-EGG_02_00-Analyzing the Crash in WinDbg.mp4 (7.6 MB)
  • 71.EXP301-EGG_03_00-Detecting Bad Characters.mp4 (5.9 MB)
  • 72.EXP301-EGG_04_00-Gaining Code Execution.mp4 (22.1 MB)
  • 73.EXP301-EGG_04_01-Partial EIP Overwrite.mp4 (26.9 MB)
  • 74.EXP301-EGG_04_02-Changing the HTTP Method.mp4 (20.1 MB)
  • 75.EXP301-EGG_04_03-Conditional Jumps.mp4 (15.9 MB)
  • 76.EXP301-EGG_05_00-Finding Alternative Places to Store Large Buffers.mp4 (10.0 MB)
  • 77.EXP301-EGG_05_01-The Windows Heap Memory Manager.mp4 (5.0 MB)
  • 78.EXP301-EGG_06_00-Finding our Buffer - The Egghunter Approach.mp4 (1.9 MB)
  • 79.EXP301-EGG_06_01-Keystone Engine.mp4 (4.7 MB)
  • 8.EXP301-WINDBG_02_03-Understanding the Workspace.mp4 (1.9 MB)
  • 80.EXP301-EGG_06_02-System Calls and Egghunters.mp4 (25.0 MB)
  • 81.EXP301-EGG_06_03-Identifying and Addressing the Egghunter Issue.mp4 (19.6 MB)
  • 82.EXP301-EGG_06_04-Obtaining a Shell.mp4 (13.4 MB)
  • 83.EXP301-EGG_07_00-Improving the Egghunter Portability Using SEH.mp4 (28.9 MB)
  • 84.EXP301-EGG_07_01-Identifying the SEH-Based Egghunter Issue.mp4 (41.0 MB)
  • 85.EXP301-EGG_07_02-Porting the SEH Egghunter to Windows 10.mp4 (15.3 MB)
  • 86.EXP301-EGG_08_00-Wrapping Up.mp4 (1.1 MB)
  • 87.EXP301-SHELL_00_00-Creating Custom Shellcode.mp4 (1.7 MB)
  • 88.EXP301-SHELL_01_00-Calling Conventions on x86.mp4 (2.1 MB)
  • 89.EXP301-SHELL_02_00-The System Call Problem.mp4 (7.2 MB)
  • 9.EXP301-WINDBG_02_04-Debugging Symbols.mp4 (4.7 MB)
  • 90.EXP301-SHELL_03_00-Finding kernel32.dll.mp4 (2.8 MB)
  • 91.EXP301-SHELL_03_01-PEB Method.mp4 (10.3 MB)
  • 92.EXP301-SHELL_03_02-Assembling the Shellcode.mp4 (19.6 MB)
  • 93.EXP301-SHELL_04_00-Resolving Symbols.mp4 (4.2 MB)
  • 94.EXP301-SHELL_04_01-Export Directory Table.mp4 (5.8 MB)
  • 95.EXP301-SHELL_04_02-Working with the Export Names Array.mp4 (26.1 MB)
  • 96.EXP301-SHELL_04_03-Computing Function Name Hashes.mp4 (20.6 MB)
  • 97.EXP301-SHELL_04_04-Fetching the VMA of a Function.mp4 (22.4 MB)
  • 98.EXP301-SHELL_05_00-NULL-Free Position-Independent Shellcode (PIC).mp4 (3.9 MB)
  • 99.EXP301-SHELL_05_01-Avoiding NULL Bytes.mp4 (8.4 MB)

There are currently no comments. Feel free to leave one :)

Code:

  • udp://tracker.leechers-paradise.org:6969/announce
  • udp://tracker.coppersurfer.tk:6969/announce
  • udp://tracker.opentrackr.org:1337/announce
  • udp://tracker.zer0day.to:1337/announce
  • udp://eddie4.nl:6969/announce
R2-CACHE ☁️ R2 (hit) | CDN: REVALIDATED (0s) 📄 torrent 🕐 25 Dec 2025, 08:49:47 pm IST ⏰ 19 Jan 2026, 08:49:47 pm IST ✅ Valid for 1d 12h 🔄 Refresh Cache