{"id":15034641,"url":"https://github.com/cybersecurityup/osce3-complete-guide","last_synced_at":"2026-01-24T08:33:06.510Z","repository":{"id":37549078,"uuid":"377629895","full_name":"CyberSecurityUP/OSCE3-Complete-Guide","owner":"CyberSecurityUP","description":"OSWE, OSEP, OSED, OSEE","archived":false,"fork":false,"pushed_at":"2024-06-16T03:06:42.000Z","size":204,"stargazers_count":2991,"open_issues_count":2,"forks_count":623,"subscribers_count":77,"default_branch":"main","last_synced_at":"2025-03-26T04:42:31.675Z","etag":null,"topics":["offensive-security","offsec","osce","osce3","oscp","osed","osee","osep","osep-prep","oswe","oswe-guide","oswe-prep"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberSecurityUP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-16T21:16:32.000Z","updated_at":"2025-03-26T04:05:17.000Z","dependencies_parsed_at":"2022-07-15T16:37:37.104Z","dependency_job_id":"236f0950-d1e1-43d3-a3dc-61c5b694b15a","html_url":"https://github.com/CyberSecurityUP/OSCE3-Complete-Guide","commit_stats":null,"previous_names":["cybersecurityup/osce-complete-guide"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FOSCE3-Complete-Guide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FOSCE3-Complete-Guide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FOSCE3-Complete-Guide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FOSCE3-Complete-Guide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberSecurityUP","download_url":"https://codeload.github.com/CyberSecurityUP/OSCE3-Complete-Guide/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245591617,"owners_count":20640692,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["offensive-security","offsec","osce","osce3","oscp","osed","osee","osep","osep-prep","oswe","oswe-guide","oswe-prep"],"created_at":"2024-09-24T20:25:49.339Z","updated_at":"2026-01-24T08:33:06.503Z","avatar_url":"https://github.com/CyberSecurityUP.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# OSCE³ and OSEE Study Guide [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\n## OSWE\n\n### Content\n\n- Web security tools and methodologies\n- Source code analysis\n- Persistent cross-site scripting\n- Session hijacking\n- .NET deserialization\n- Remote code execution\n- Blind SQL injections\n- Data exfiltration\n- Bypassing file upload restrictions and file extension filters\n- PHP type juggling with loose comparisons\n- PostgreSQL Extension and User Defined Functions\n- Bypassing REGEX restrictions\n- Magic hashes\n- Bypassing character restrictions\n- UDF reverse shells\n- PostgreSQL large objects\n- DOM-based cross site scripting (black box)\n- Server side template injection\n- Weak random token generation\n- XML External Entity Injection\n- RCE via database Functions\n- OS Command Injection via WebSockets (BlackBox)\n\n### Study Materials\n1. [timip-GitHub](https://github.com/timip/OSWE)- Reference guide\n2. [noraj-GitHub](https://github.com/noraj/AWAE-OSWE) - Reference guide\n3. [wetw0rk-Github](https://github.com/wetw0rk/AWAE-PREP) - Reference guide\n4. [kajalNair-Github](https://github.com/kajalNair/OSWE-Prep) - Reference guide\n5. [s0j0hn-Github](https://github.com/s0j0hn/AWAE-OSWE-Prep) - Reference guide\n6. [deletehead-Github](https://github.com/deletehead/awae_oswe_prep) - Reference guide\n7. [z-r0crypt](https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/) - Reference guide\n8. [rayhan0x01](https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html) - Reference guide\n9. [Nathan-Rague](https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide) - Reference guide\n10. [Joas Content](https://drive.google.com/file/d/1bASc-SLmuD0tXmd88h0QclRSpUu_rvnF/view?usp=sharing) - Reference guide\n11. [Lawlez-Github](https://github.com/Lawlez/myOSWE) - Reference guide\n12. [0xb120](https://github.com/0xb120/cheatsheets_and_ctf-notes/blob/main/OSWE%20preparation.md) - Reference Guide\n13. [Jaelkoh](https://infosec.jaelkoh.com/2024/my-first-year-in-infosec-zero-to-osce3)\n14. [snoopysecurity](https://github.com/snoopysecurity/OSWE-Prep) - Reference Guide\n15. [aaidanquimby](https://github.com/aaidanquimby/OSWE-Notes) - Reference Guide\n\n### Vulnerabilities\n\n1. [XXE Injection](https://www.hackingarticles.in/comprehensive-guide-on-xxe-injection/)\n2. [CSRF](https://www.hackingarticles.in/understanding-the-csrf-vulnerability-a-beginners-guide/)\n3. [Cross-Site Scripting Exploitation](https://www.hackingarticles.in/cross-site-scripting-exploitation/)\n4. [Cross-Site Scripting (XSS)](https://www.hackingarticles.in/comprehensive-guide-on-cross-site-scripting-xss/)\n5. [Unrestricted File Upload](https://www.hackingarticles.in/comprehensive-guide-on-unrestricted-file-upload/)\n6. [Open Redirect](https://www.hackingarticles.in/comprehensive-guide-on-open-redirect/)\n7. [Remote File Inclusion (RFI)](https://www.hackingarticles.in/comprehensive-guide-to-remote-file-inclusion-rfi/)\n8. [HTML Injection](https://www.hackingarticles.in/comprehensive-guide-on-html-injection/)\n9. [Path Traversal](https://www.hackingarticles.in/comprehensive-guide-on-path-traversal/)\n10. [Broken Authentication \u0026 Session Management](https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/)\n11. [OS Command Injection](https://www.hackingarticles.in/comprehensive-guide-on-os-command-injection/)\n12. [Multiple Ways to Banner Grabbing](https://www.hackingarticles.in/multiple-ways-to-banner-grabbing/)\n13. [Local File Inclusion (LFI)](https://www.hackingarticles.in/comprehensive-guide-to-local-file-inclusion/)\n14. [Netcat for Pentester](https://www.hackingarticles.in/netcat-for-pentester/)\n15. [WPScan:WordPress Pentesting Framework](https://www.hackingarticles.in/wpscanwordpress-pentesting-framework/)\n16. [WordPress Pentest Lab Setup in Multiple Ways](https://www.hackingarticles.in/wordpress-pentest-lab-setup-in-multiple-ways/)\n17. [Multiple Ways to Crack WordPress login](https://www.hackingarticles.in/multiple-ways-to-crack-wordpress-login/)\n18. [Web Application Pentest Lab Setup on AWS](https://www.hackingarticles.in/web-application-pentest-lab-setup-on-aws)\n19. [Web Application Lab Setup on Windows](https://www.hackingarticles.in/web-application-lab-setup-on-windows/)\n20. [Web Application Pentest Lab setup Using Docker](https://www.hackingarticles.in/web-application-pentest-lab-setup-using-docker/)\n21. [Web Shells Penetration Testing](https://www.hackingarticles.in/web-shells-penetration-testing/)\n22. [SMTP Log Poisoning](https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/)\n23. [HTTP Authentication](https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/)\n24. [Understanding the HTTP Protocol](https://www.hackingarticles.in/understanding-http-protocol/)\n25. [Broken Authentication \u0026 Session Management](https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/)\n26. [Apache Log Poisoning through LFI](https://www.hackingarticles.in/apache-log-poisoning-through-lfi/)\n27. [Beginner’s Guide to SQL Injection (Part 1)](https://www.hackingarticles.in/beginner-guide-sql-injection-part-1/)\n28. [Boolean Based](https://www.hackingarticles.in/beginner-guide-sql-injection-boolean-based-part-2/)\n29. [How to Bypass SQL Injection Filter](https://www.hackingarticles.in/bypass-filter-sql-injection-manually/)\n30. [Form Based SQL Injection](https://www.hackingarticles.in/form-based-sql-injection-manually/)\n31. [Dumping Database using Outfile](https://www.hackingarticles.in/dumping-database-using-outfile/)\n32. [IDOR](https://www.hackingarticles.in/beginner-guide-insecure-direct-object-references/)\n\n### Reviews\n\n1. [OSWE Review](https://www.helviojunior.com.br/it/oswe-uma-historia-de-insucessos/) - Portuguese Content\n2. [0xklaue](https://0xklaue.medium.com/attacking-the-web-the-offensive-security-way-b38bea609318)\n3. [greenwolf security](https://medium.com/greenwolf-security/an-awae-oswe-review-2020-update-6d6ec7a80c1f)\n4. [Cristian R](https://securitygrind.com/the-oswe-in-review/)\n5. [21y4d](https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside) - Exam Reviews\n6. [Marcin Szydlowski](https://infosecwriteups.com/awae-oswe-review-from-a-non-developer-perspective-2c2842cfbd4d)\n7. [Nathan Rague](https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide)\n8. [Elias Dimopoulos](https://www.linkedin.com/pulse/awaeoswe-2020-expected-review-elias-dimopoulos/)\n9. [OSWE Review - Tips \u0026 Tricks](https://www.youtube.com/watch?v=ElZ7fFE9Gr4) - OSWE Review - Tips \u0026 Tricks\n10. [Alex-labs](https://alex-labs.com/my-awae-review-becoming-an-oswe/)\n11. [niebardzo Github](https://niebardzo.github.io/2021-01-12-oswe-review/) - Exam Review\n12. [Marcus Aurelius](https://stacktrac3.co/oswe-review-awae-course/)\n13. [yakuhito](https://blog.kuhi.to/offsec-awae-oswe-review)\n14. [donavan.sg](https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/)\n15. [Alexei Kojenov](https://kojenov.com/2020-04-08-oswe-review/)\n16. [(OSWE)-Journey \u0026 Review](https://www.youtube.com/watch?v=wDev3q8lADE) - Offensive Security Web Expert (OSWE) - Journey \u0026 Review\n17. [Patryk Bogusz](https://niebardzo.github.io/2021-01-12-oswe-review/)\n18. [svdwi GitHub](https://github.com/svdwi/OSWE-Labs-Poc) - OSWE Labs POC\n19. [Werebug.com ](https://werebug.com/journal/oswe/osep/2021/08/05/oswe-and-osep-obtained-what-next.html) - OSWE and OSEP\n20. [jvesiluoma](https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/)\n21. [ApexPredator](https://github.com/ApexPredator-InfoSec/AWAE-OSWE)\n22. [Thomas Peterson](https://tpetersonkth.github.io/2022/04/16/OSWE-Review.html)\n23. [NOH4TS](https://n0h4ts.medium.com/how-i-pass-oswe-on-the-first-try-2022-92ffaee1e636)\n24. [Alex](https://alex-labs.com/my-awae-review-becoming-an-oswe/)\n25. [RCESecurity](https://www.rcesecurity.com/2022/04/AWAE-Course-and-OSWE-Exam-Review/)\n26. [Dhakal](https://dhakal-ananda.com.np/non-technical/2023/02/09/oswe-journey.html)\n27. [Karol Mazurek](https://karol-mazurek95.medium.com/oswe-preparation-5d2d5f0e2cba)\n28. [4PFSec](https://4pfsec.com/oswe)\n29. [Cobalt.io](https://www.cobalt.io/blog/awae-oswe-for-humans)\n30. [hakansonay](https://hakansonay.medium.com/the-oswe-review-and-exam-preparation-guide-e37886046b23)\n31. [Jake Mayhew](https://medium.com/@jake.mayhew/web-300-oswe-review-offsec-web-expert-46074fbdb237)\n32. [Organic Security](https://www.organicsecurity.in/2024/01/oswe-by-offsec-detailed-review.html)\n33. [Bitten Tech](https://www.youtube.com/watch?v=k1NExrTNfks)\n34. [What is OSWE Certification – StationX](https://www.stationx.net/what-is-oswe-certification/)\n35. [OSCP and OSWE Journey – Adam Bartlett](https://medium.com/@adamforsythebartlett/oscp-and-oswe-journey-fe28a994604c)\n36. [OSWE Notes – Secdomain](https://github.com/Secdomain/OSWE-Notes)\n37. [OSWE Resources – saunders-jake](https://github.com/saunders-jake/oswe-resources)\n38. [OSWE Review - steflan](https://steflan-security.com/offsec-web-expert-oswe-review/)\n\n\n### Extra Content \n\n1. [OSWE labs](https://www.youtube.com/watch?v=F46tQww_IvE) - OSWE labs and exam's review/guide\n2. [HTB Machine](https://www.youtube.com/watch?v=NMGsnPSm8iw\u0026list=PLidcsTyj9JXKTnpphkJ310PVVGF-GuZA0)\n3. [Deserialization](https://www.youtube.com/watch?v=t-zVC-CxYjw\u0026list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh)\n7. [B1twis3](https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4)\n9. [jangelesg GitHub](https://github.com/jangelesg/AWAE-OSWE)\n10. [rootshooter](https://github.com/rootshooter/oswe-prep-2022)\n11. [svdwi](https://github.com/svdwi/OSWE-Labs-Poc)\n\n## OSEP\n\n### Content\n\n- Operating System and Programming Theory\n- Client Side Code Execution With Office\n- Client Side Code Execution With Jscript\n- Process Injection and Migration\n- Introduction to Antivirus Evasion\n- Advanced Antivirus Evasion\n- Application Whitelisting\n- Bypassing Network Filters\n- Linux Post-Exploitation\n- Kiosk Breakouts\n- Windows Credentials\n- Windows Lateral Movement\n- Linux Lateral Movement\n- Microsoft SQL Attacks\n- Active Directory Exploitation\n- Combining the Pieces\n- Trying Harder: The Labs\n\n### Study Materials\n\n- [OSEP Code Snippets](https://github.com/chvancooten/OSEP-Code-Snippets)\n- [Experienced Pentester OSEP](https://github.com/nullg0re/Experienced-Pentester-OSEP)\n- [OSEP Pre](https://github.com/r0r0x-xx/OSEP-Pre)\n- [PEN 300 OSEP Prep](https://github.com/deletehead/pen_300_osep_prep)\n- [OSEP Thoughts](https://github.com/J3rryBl4nks/OSEP-Thoughts)\n- [OSEP Code Snippets README](https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md)\n- [Osep](https://github.com/aldanabae/Osep)\n- [Google Drive File](https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing)\n- [Awesome Red Team Operations](https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations)\n- [OSEP Study Guide 2022 - João Paulo de Andrade Filho](https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/)\n- [OSEP PREP Useful Resources Payloads](https://github.com/Ross46/OSEP-PREP/blob/main/Useful%20Resources/Payloads.md)\n- [OSEP in3x0rab13](https://github.com/In3x0rabl3/OSEP)\n- [OSEP forsec](https://forsec.nl/osep.html)\n\n### Reviews\n\n- [nullg0re](https://nullg0re.com/?p=113)\n- [SpaceRaccoon Dev](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)\n- [HackSouth YouTube](https://www.youtube.com/watch?v=fA3pkNcGpH0\u0026ab_channel=HackSouth)\n- [Schellman](https://www.schellman.com/blog/osep-and-pen-300-course-review)\n- [Cinzinga](https://cinzinga.com/OSEP-PEN-300-Review/)\n- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4)\n- [BorderGate](https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/)\n- [Reddit OSEP Review](https://www.reddit.com/r/osep/comments/ldhc20/osep_review/)\n- [Reddit OSCP Review](https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/)\n- [Purpl3F0xSecur1ty](https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html)\n- [MakoSecBlog](https://makosecblog.com/miscellaneous/osep-course-review/)\n- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4\u0026t=1s)\n- [YouTube 15sv5eZ0oCM](https://www.youtube.com/watch?v=15sv5eZ0oCM)\n- [YouTube 0n3Li63PwnQ](https://www.youtube.com/watch?v=0n3Li63PwnQ)\n- [YouTube BWNzB1wIEQ](https://www.youtube.com/watch?v=BWNzB1wIEQ)\n- [SpaceRaccoon Dev](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)\n- [Cas van Cooten](https://casvancooten.com/posts/2021/03/getting-the-osep-certification-evasion-techniques-and-breaching-defenses-pen-300-course-review/)\n- [BorderGate](https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/)\n- [MakoSecBlog](https://makosecblog.com/miscellaneous/osep-course-review/)\n- [David Lebr1 GitBook](https://davidlebr1.gitbook.io/infosec/blog/osep-review)\n- [Offensive Security](https://www.offensive-security.com/offsec/pen300-approach-review/)\n- [João Paulo de Andrade Filho LinkedIn](https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/)\n- [YouTube R1apMwbVuDs](https://www.youtube.com/watch?v=R1apMwbVuDs)\n- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4)\n- [Cristian Cornea Medium](https://corneacristian.medium.com/tips-for-offensive-security-experienced-penetration-tester-osep-certification-92f3801428c3)\n- [Security Boulevard](https://securityboulevard.com/2023/05/osep-review/)\n- [YouTube R1apMwbVuDs](https://www.youtube.com/watch?v=R1apMwbVuDs\u0026ab_channel=Conda)\n- [Fluid Attacks](https://fluidattacks.com/blog/osep-review/)\n- [Heartburn.dev](https://heartburn.dev/osep-review-2021-offensive-security-experienced-pentester/)\n- [YouTube FVZkVZKIyOA](https://www.youtube.com/watch?v=FVZkVZKIyOA\u0026ab_channel=FantasM)\n- [RootJaxk](https://rootjaxk.github.io/posts/OSEP/)\n- [Dhruvagoyal](https://dhruvagoyal.medium.com/cracking-the-osep-exam-a-48-hour-marathon-to-victory-c0021cd15c3c)\n- [IT Security Labs](https://www.youtube.com/watch?v=5SEgaUhVCcE)\n- [Benjamen Lim](https://westsideelectronics.com/osep-in-2024/)\n- [Marmeus](https://marmeus.com/post/OSEP)\n- [Winslow](https://winslow1984.com/books/notes-beK/page/backup-osep-and-oswe-review)\n- [Jakob Bo Moller](https://www.linkedin.com/pulse/my-osep-experience-jakob-bo-m%C3%B8ller-0taze/)\n- [swzhouu](https://medium.com/secure-d/offsec-experienced-penetration-tester-osep-2024-review-9183343d7453)\n- [My Review on OSEP 2025](https://medium.com/@toneemarqus/my-review-on-osep-2025-abea5413ca7f)\n- [OSEP Certification Overview – StationX](https://www.stationx.net/osep-certification/)\n- [I Passed OSEP with secret.txt and So Can You](https://medium.com/@beauknowstech/i-passed-osep-with-secret-txt-and-so-can-you-e0286d1af3bb)\n- [OSED vs OSEP Review – 0xbad53c](https://red.0xbad53c.com/training-reviews/offensive-security/osed)\n- [OSEP Prep Notes – Ross46](https://github.com/Ross46/OSEP-PREP/blob/main/Exam%202.0.md)\n- [OSEPlayground – Extravenger](https://github.com/Extravenger/OSEPlayground)\n- [YouTube – OSEP Review Video](https://www.youtube.com/watch?v=GweSTA7a4ho)\n\n### Labs\n\n- [SpaceRaccoon Dev - OSEP Review and Exam](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)\n- [Exploit-DB - Evasion Techniques Breaching Defenses](https://www.exploit-db.com/evasion-techniques-breaching-defenses)\n- [OSCP Exam Report Template Markdown](https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/)\n- [Offensive Security - OSEP Exam FAQ](https://help.offensive-security.com/hc/en-us/articles/360049781352-OSEP-Exam-FAQ)\n- [CyberEagle - OSEP Review](https://www.cybereagle.io/blog/osep-review/)\n- [PentestLab - Defense Evasion](https://pentestlab.blog/category/red-team/defense-evasion/)\n- [PentestLab - Antivirus Evasion](https://pentestlab.blog/tag/antivirus-evasion/)\n- [PentestLaboratories - Process Herpaderping Windows Defender Evasion](https://pentestlaboratories.com/2021/01/18/process-herpaderping-windows-defender-evasion/)\n- [YouTube - PentesterAcademyTV](https://www.youtube.com/watch?v=dS0GcSA7kEw\u0026ab_channel=PentesterAcademyTV)\n- [YouTube - PacktVideo](https://www.youtube.com/watch?v=cqxOS9uQL_c\u0026ab_channel=PacktVideo)\n- [YouTube - PentesterAcademyTV](https://www.youtube.com/watch?v=ZaJpDeLvo6I\u0026ab_channel=PentesterAcademyTV)\n- [GitHub - In3x0rabl3/OSEP](https://github.com/In3x0rabl3/OSEP)\n- [GitHub - timip/OSEP](https://github.com/timip/OSEP)\n\n## OSED\n\n### Content\n\n- WinDbg tutorial\n- Stack buffer overflows\n- Exploiting SEH overflows\n- Intro to IDA Pro\n- Overcoming space restrictions: Egghunters\n- Shellcode from scratch\n- Reverse-engineering bugs\n- Stack overflows and DEP/ASLR bypass\n- Format string specifier attacks\n- Custom ROP chains and ROP payload decoders\n\n### Study Materials\n\n- [snoopysecurity - OSCE Prep](https://github.com/snoopysecurity/OSCE-Prep)\n- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)\n- [Exploit-DB - Windows User Mode Exploit Development](https://www.exploit-db.com/windows-user-mode-exploit-development)\n- [r0r0x-xx - OSED Pre](https://github.com/r0r0x-xx/OSED-Pre)\n- [sradley - OSED](https://github.com/sradley/osed)\n- [Nero22k - Exploit Development](https://github.com/Nero22k/Exploit_Development)\n- [YouTube - 7PMw9GIb8Zs](https://www.youtube.com/watch?v=7PMw9GIb8Zs)\n- [YouTube - FH1KptfPLKo](https://www.youtube.com/watch?v=FH1KptfPLKo)\n- [YouTube - sOMmzUuwtmc](https://www.youtube.com/watch?v=sOMmzUuwtmc)\n- [ExploitLab Blog](https://blog.exploitlab.net/)\n- [Azeria Labs - Heap Exploit Development Part 1](https://azeria-labs.com/heap-exploit-development-part-1/)\n- [ZeroKnights - Getting Started Exploit Lab](http://zeroknights.com/getting-started-exploit-lab/)\n- [Google Drive File 1](https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing)\n- [Google Drive File 2](https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing)\n- [Google Drive File 3](https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing)\n- [Corelan - Exploit Writing Tutorial Part 1: Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)\n- [wtsxDev - Exploit Development](https://github.com/wtsxDev/Exploit-Development/blob/master/README.md)\n- [corelan - Corelan Training](https://github.com/corelan/CorelanTraining)\n- [subat0mik - Journey to OSCE](https://github.com/subat0mik/Journey_to_OSCE)\n- [nanotechz9l - Corelan Exploit Tutorial Part 1: Stack Based Overflows](https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb)\n- [snoopysecurity - OSCE Prep](https://github.com/snoopysecurity/OSCE-Prep)\n- [bigb0sss - OSCE](https://github.com/bigb0sss/OSCE)\n- [epi052 - OSCE Exam Practice](https://github.com/epi052/OSCE-exam-practice)\n- [mdisec - OSCE Preparation](https://github.com/mdisec/osce-preparation)\n- [mohitkhemchandani - OSCE BIBLE](https://github.com/mohitkhemchandani/OSCE_BIBLE)\n- [FULLSHADE - OSCE](https://github.com/FULLSHADE/OSCE)\n- [areyou1or0 - OSCE Exploit Development](https://github.com/areyou1or0/OSCE-Exploit-Development)\n- [securityELI - CTP OSCE](https://github.com/securityELI/CTP-OSCE)\n- [Google Drive File 4](https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing)\n- [Coalfire Blog - The Basics of Exploit Development](https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1)\n- [Connor McGarr - Browser Exploit](https://connormcgarr.github.io/browser1/)\n- [KaliTut - Exploit Development Resources](https://kalitut.com/exploit-development-resources/)\n- [0xZ0F - Z0FCourse Exploit Development](https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment)\n- [dest-3 - OSED Resources](https://github.com/dest-3/OSED_Resources)\n- [Infosec Institute - Python for Exploit Development](https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/)\n- [Anitian - A Study in Exploit Development Part 1: Setup and Proof of Concept](https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/)\n- [Sam's Class - WWC 2014](https://samsclass.info/127/127_WWC_2014.shtml)\n- [Stack Overflow - Exploit Development in Python 3](https://stackoverflow.com/questions/42615124/exploit-development-in-python-3)\n- [CTF Writeups - Converting Metasploit Modules to Python](https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python)\n- [PacktPub - Networking and Servers](https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8)\n- [Cybrary - Exploit Development Part 5](https://www.cybrary.it/video/exploit-development-part-5/)\n- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-an)\n- [Offensive Security - OSED Exam Guide](https://help.offensive-security.com/hc/en-us/articles/360052977212-OSED-Exam-Guide)\n- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)\n- [YouTube - 0n3Li63PwnQ](https://www.youtube.com/watch?v=0n3Li63PwnQ)\n- [epi052 - Windows Usermode Exploit Development Review](https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/)\n- [PythonRepo - epi052 OSED Scripts](https://pythonrepo.com/repo/epi052-osed-scripts)\n- [dhn - OSEE](https://github.com/dhn/OSEE)\n- [PythonRepo - epi052 OSED Scripts](https://pythonrepo.com/repo/epi052-osed-scripts)\n- [nop-tech - OSED](https://github.com/nop-tech/OSED)\n- [Ired Team - ROP Chaining Return Oriented Programming](https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/rop-chaining-return-oriented-programming)\n- [InfoSec Writeups - ROP Chains on ARM](https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e)\n- [YouTube - 8zRoMAkGYQE](https://www.youtube.com/watch?v=8zRoMAkGYQE)\n- [Infosec Institute - Return Oriented Programming ROP Attacks](https://resources.infosecinstitute.com/topic/return-oriented-programming-rop-attacks/)\n- [dest-3 - OSED Resources](https://github.com/dest-3/OSED_Resources)\n- [mrtouch93 - OSED Notes](https://github.com/mrtouch93/OSED-Notes)\n- [wry4n - OSED Scripts](https://github.com/wry4n/osed-scripts)\n- [r0r0x-xx - OSED Pre](https://github.com/r0r0x-xx/OSED-Pre)\n\n### Reviews\n\n\n- [YouTube - aWHL9hIKTCA](https://www.youtube.com/watch?v=aWHL9hIKTCA)\n- [YouTube - 62mWZ1xd8eM](https://www.youtube.com/watch?v=62mWZ1xd8eM)\n- [ihack4falafel - Offensive Security AWEOSEE Review](https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/)\n- [LinkedIn - Advanced Windows Exploitation (OSEE) Review - Etizaz Mohsin](https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/)\n- [Animal0day - Reviews for OSCP, OSCE, OSEE, and Corelan](https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html)\n- [AddaxSoft - Offensive Security Advanced Windows Exploitation (AWE/OSEE) Review](https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/)\n- [jhalon - OSCE Review](https://jhalon.github.io/OSCE-Review/)\n- [YouTube - NAe6f1_XG6Q](https://www.youtube.com/watch?v=NAe6f1_XG6Q)\n- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and)\n- [kuhi.to - OFFSEC EXP301 OSED Review](https://blog.kuhi.to/offsec-exp301-osed-review)\n- [epi052 - Windows Usermode Exploit Development Review](https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/)\n- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and/)\n- [YouTube - NAe6f1_XG6Q](https://www.youtube.com/watch?v=NAe6f1_XG6Q)\n- [LinkedIn - Offensive Security Certified Expert 3 (OSCE3) - Cristian Cornea](https://www.linkedin.com/posts/cristian-cornea-b37005178_offensive-security-certified-expert-3-osce3-activity-7006233011746709505-1WCG/)\n- [NOP Blog - OSED](https://nop-blog.tech/blog/osed/)\n- [Deep Hacking - OSED Review](https://deephacking.tech/osed-review/)\n- [OSED Review – Navigating The Shadows](https://red.0xbad53c.com/training-reviews/offensive-security/osed)\n- [OSED Review - cydtseng](https://medium.com/@cydtseng/offsec-exploit-developer-osed-course-review-and-exam-preparation-tips-637a208934b8)\n- [OSED Review - insanitys](https://insanitys.medium.com/osed-review-cheatsheet-ad55b8aab1e2)\n- [OSCE3 Journey - Fabian](https://fabian-lim.com/my-journey-to-osce3-1a86d42a114d)\n\n### Labs\n\n- [CyberSecurityUP - Buffer Overflow Labs](https://github.com/CyberSecurityUP/Buffer-Overflow-Labs)\n- [ihack4falafel - OSCE](https://github.com/ihack4falafel/OSCE)\n- [nathunandwani - CTP OSCE](https://github.com/nathunandwani/ctp-osce)\n- [sufyandaredevil - OSED - Exploiting SEH Overflows](https://github.com/sufyandaredevil/OSED/blob/main/03_exploiting_seh_overflows.md)\n- [firmianay - Life-long Learner - SEED Labs - Buffer Overflow Vulnerability Lab](https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md)\n- [wadejason - Buffer Overflow Vulnerability Lab](https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab)\n- [Jeffery-Liu - Buffer Overflow Vulnerability Lab](https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab)\n- [mutianxu - SEED LAB - Buffer Overflow Attack](https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack)\n- [INE - Windows Exploit Development](https://my.ine.com/CyberSecurity/courses/54819bbb/windows-exploit-development)\n- [Connor McGarr - Browser Exploit](https://connormcgarr.github.io/browser1/)\n- [Coalfire Blog - The Basics of Exploit Development](https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1)\n- [Pentest Magazine - Exploit Development Windows](https://pentestmag.com/product/exploit-development-windows-w38/)\n- [Steflan Security - Complete Guide to Stack Buffer Overflow (OSCP)](https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#:~:text=Stack%20buffer%20overflow%20is%20a,of%20the%20intended%20data%20structure)\n- [Offensive Security - EVOCAM Remote Buffer Overflow on OSX](https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/)\n- [Exploit-DB - Exploit 42928](https://www.exploit-db.com/exploits/42928)\n- [Exploit-DB - Exploit 10434](https://www.exploit-db.com/exploits/10434)\n- [OCW CS PUB RO - Lab 08](https://ocw.cs.pub.ro/courses/cns/labs/lab-08)\n- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)\n- [PWN College](https://pwn.college/)\n- [CEDS by Red Team Leaders](https://courses.redteamleaders.com/exams/dea865ef-8649-4a4a-8002-83a725f7338d)\n\n## OSEE\n\n### Content\n\n- Bypass and evasion of user mode security mitigations such as DEP, ASLR, CFG, ACG and CET\n- Advanced heap manipulations to obtain code execution along with guest-to-host and sandbox escapes\n- Disarming WDEG mitigations and creating version independence for weaponization\n- 64-Bit Windows Kernel Driver reverse engineering and vulnerability discovery\n- Bypass of kernel mode security mitigations such as kASLR, NX, SMEP, SMAP, kCFG and HVCI\n\n### Study Materials\n\n- [Advanced Windows Exploitation (OSEE) Review – Etizaz Mohsin](https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/)\n- [State of Exploit Development Part 2 – CrowdStrike](https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/)\n- [BlackHat – Windows Kernel Exploitation (Video)](https://www.youtube.com/watch?v=pH6qocUEor0\u0026ab_channel=BlackHat)\n- [NCC Group – Windows Exploit Mitigations](https://github.com/nccgroup/exploit_mitigations/blob/master/windows_mitigations.md)\n- [Sandbox Escapes Collection – TechnoHerder](https://hack.technoherder.com/sandbox-escapes/)\n- [Zero Day Initiative – Kernel Exploitation (1)](https://www.youtube.com/watch?v=LUH6ZxYNJFg\u0026ab_channel=ZeroDayInitiative)\n- [Zero Day Initiative – Kernel Exploitation (2)](https://www.youtube.com/watch?v=NDuWcGn5hTQ\u0026ab_channel=ZeroDayInitiative)\n- [BlackHat – Bypassing Modern Windows Protections](https://www.youtube.com/watch?v=p0OaGMlBb2k\u0026ab_channel=BlackHat)\n- [VirtualBox E1000 0-Day](https://github.com/MorteNoir1/virtualbox_e1000_0day)\n- [Palantir – Assessing Effectiveness of Defender Exploit Guard](https://blog.palantir.com/assessing-the-effectiveness-of-a-new-security-data-source-windows-defender-exploit-guard-860b69db2ad2)\n- [ExploitGuard – Palantir GitHub](https://github.com/palantir/exploitguard)\n- [Windows Classic Samples – Microsoft](https://github.com/microsoft/Windows-classic-samples)\n- [How to Hook Windows API using C++](https://github.com/SofianeHamlaoui/Pentest-Notes/blob/master/offensive-security/code-injection-process-injection/how-to-hook-windows-api-using-c%2B%2B.md)\n- [Windows API with Python](https://github.com/ndeepak-zzzz/Windows-API-with-Python)\n- [Windows API for Pentesting – int0x33](https://int0x33.medium.com/day-59-windows-api-for-pentesting-part-1-178c6ba280cb)\n\n### Reviews\n\n- [AWEOSEE Review – ihack4falafel](https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/)\n- [Advanced Windows Exploitation Review – Richard Osgood](https://www.richardosgood.com/posts/advanced-windows-exploitation-review/)\n- [OSEE Review Video – David Alves](https://www.youtube.com/watch?v=srJ1ICC4ON8\u0026ab_channel=DavidAlvesWeb)\n- [My Offensive Security Journey – 0xInyiak](https://medium.com/@0xInyiak/my-offensive-security-journey-part-1-5ffbd66fe0c2)\n- [OSEE Review](https://xn--tj3a.tw/posts/OSEE_Review_EXP-401_Advanced_Windows_Exploitation_ENG/)\n- [OSEE Review by Jake Mayhew](https://medium.com/@jake.mayhew/exp-401-osee-review-offensive-security-exploitation-expert-508f3357851d)\n- [Journey OSEE](https://io.cyberdefense.jp/en/entry/journey-to-osee-beyond-try-harder/)\n- [OSEE Ultimate Guide](https://flashgenius.net/blog-article/osee-certification-the-ultimate-2025-guide)\n\n### Labs\n\n- [EXP-401-OSEE – BLACKHAT-SSG](https://github.com/BLACKHAT-SSG/EXP-401-OSEE)\n- [OSEE – timip](https://github.com/timip/OSEE)\n- [OSEE – dhn](https://github.com/dhn/OSEE)\n- [AWE-OSEE-Prep – orangice](https://github.com/orangice/AWE-OSEE-Prep)\n- [AWE-OSEE-Prep – matthiaskonrath](https://github.com/matthiaskonrath/AWE-OSEE-Prep)\n- [OSEE – ihack4falafel](https://github.com/ihack4falafel/OSEE)\n- [OSEE – gscamelo](https://github.com/gscamelo/OSEE)\n- [3XPL01t5 – w4fz5uck5](https://github.com/w4fz5uck5/3XPL01t5)\n- [CWDE - Red Team Leaders](https://courses.redteamleaders.com/exams/6dd6c07f-b8f5-49a5-aa0c-6e4da3fe1819)\n\n## OSCE³ OffSec Resources\n\n- [OffSec Courses Tools](https://www.kali.org/tools/offsec-courses/)\n\n## Social Network\n\n### [Joas Antonio - Linkedin](https://www.linkedin.com/in/joas-antonio-dos-santos)\n### [CyberSceurityUP- GitHub](https://github.com/CyberSecurityUP)\n### [C0d3Cr4zy - Twitter](https://twitter.com/C0d3Cr4zy)\n\n### [Filipi Pires - Linkedin](https://www.linkedin.com/in/filipipires/)\n### [Filipi Pires - GitHub](https://github.com/filipi86)\n### [Filipi Pires - Twitter](https://twitter.com/FilipiPires)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fosce3-complete-guide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurityup%2Fosce3-complete-guide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fosce3-complete-guide/lists"}