Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/CyberSecurityUP/OSCE3-Complete-Guide

OSWE, OSEP, OSED, OSEE
https://github.com/CyberSecurityUP/OSCE3-Complete-Guide
Last synced: 4 days ago
JSON representation
OSWE, OSEP, OSED, OSEE
Host: GitHub
URL: https://github.com/CyberSecurityUP/OSCE3-Complete-Guide
Owner: CyberSecurityUP
Created: 2021-06-16T21:16:32.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-06-16T03:06:42.000Z (5 months ago)
Last Synced: 2024-10-16T06:25:21.180Z (26 days ago)
Homepage:
Size: 199 KB
Stars: 2,614
Watchers: 75
Forks: 542
Open Issues: 2
Metadata Files:
- Readme: README.md
Awesome Lists containing this project

README

        # OSCE³ and OSEE Study Guide [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

## OSWE

### Content

- Web security tools and methodologies

- Source code analysis

- Persistent cross-site scripting

- Session hijacking

- .NET deserialization

- Remote code execution

- Blind SQL injections

- Data exfiltration

- Bypassing file upload restrictions and file extension filters

- PHP type juggling with loose comparisons

- PostgreSQL Extension and User Defined Functions

- Bypassing REGEX restrictions

- Magic hashes

- Bypassing character restrictions

- UDF reverse shells

- PostgreSQL large objects

- DOM-based cross site scripting (black box)

- Server side template injection

- Weak random token generation

- XML External Entity Injection

- RCE via database Functions

- OS Command Injection via WebSockets (BlackBox)

### Study Materials

1. [timip-GitHub](https://github.com/timip/OSWE)- Reference guide

2. [noraj-GitHub](https://github.com/noraj/AWAE-OSWE) - Reference guide

3. [wetw0rk-Github](https://github.com/wetw0rk/AWAE-PREP) - Reference guide

4. [kajalNair-Github](https://github.com/kajalNair/OSWE-Prep) - Reference guide

5. [s0j0hn-Github](https://github.com/s0j0hn/AWAE-OSWE-Prep) - Reference guide

6. [deletehead-Github](https://github.com/deletehead/awae_oswe_prep) - Reference guide

7. [z-r0crypt](https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/) - Reference guide

8. [rayhan0x01](https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html) - Reference guide

9. [Nathan-Rague](https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide) - Reference guide

10. [Joas Content](https://drive.google.com/file/d/1bASc-SLmuD0tXmd88h0QclRSpUu_rvnF/view?usp=sharing) - Reference guide

11. [Lawlez-Github](https://github.com/Lawlez/myOSWE) - Reference guide

12. [0xb120](https://github.com/0xb120/cheatsheets_and_ctf-notes/blob/main/OSWE%20preparation.md) - Reference Guide

13. [Jaelkoh](https://infosec.jaelkoh.com/2024/my-first-year-in-infosec-zero-to-osce3)

### Vulnerabilities

1. [XXE Injection](https://www.hackingarticles.in/comprehensive-guide-on-xxe-injection/)

2. [CSRF](https://www.hackingarticles.in/understanding-the-csrf-vulnerability-a-beginners-guide/)

3. [Cross-Site Scripting Exploitation](https://www.hackingarticles.in/cross-site-scripting-exploitation/)

4. [Cross-Site Scripting (XSS)](https://www.hackingarticles.in/comprehensive-guide-on-cross-site-scripting-xss/)

5. [Unrestricted File Upload](https://www.hackingarticles.in/comprehensive-guide-on-unrestricted-file-upload/)

6. [Open Redirect](https://www.hackingarticles.in/comprehensive-guide-on-open-redirect/)

7. [Remote File Inclusion (RFI)](https://www.hackingarticles.in/comprehensive-guide-to-remote-file-inclusion-rfi/)

8. [HTML Injection](https://www.hackingarticles.in/comprehensive-guide-on-html-injection/)

9. [Path Traversal](https://www.hackingarticles.in/comprehensive-guide-on-path-traversal/)

10. [Broken Authentication & Session Management](https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/)

11. [OS Command Injection](https://www.hackingarticles.in/comprehensive-guide-on-os-command-injection/)

12. [Multiple Ways to Banner Grabbing](https://www.hackingarticles.in/multiple-ways-to-banner-grabbing/)

13. [Local File Inclusion (LFI)](https://www.hackingarticles.in/comprehensive-guide-to-local-file-inclusion/)

14. [Netcat for Pentester](https://www.hackingarticles.in/netcat-for-pentester/)

15. [WPScan:WordPress Pentesting Framework](https://www.hackingarticles.in/wpscanwordpress-pentesting-framework/)

16. [WordPress Pentest Lab Setup in Multiple Ways](https://www.hackingarticles.in/wordpress-pentest-lab-setup-in-multiple-ways/)

17. [Multiple Ways to Crack WordPress login](https://www.hackingarticles.in/multiple-ways-to-crack-wordpress-login/)

18. [Web Application Pentest Lab Setup on AWS](https://www.hackingarticles.in/web-application-pentest-lab-setup-on-aws)

19. [Web Application Lab Setup on Windows](https://www.hackingarticles.in/web-application-lab-setup-on-windows/)

20. [Web Application Pentest Lab setup Using Docker](https://www.hackingarticles.in/web-application-pentest-lab-setup-using-docker/)

21. [Web Shells Penetration Testing](https://www.hackingarticles.in/web-shells-penetration-testing/)

22. [SMTP Log Poisoning](https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/)

23. [HTTP Authentication](https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/)

24. [Understanding the HTTP Protocol](https://www.hackingarticles.in/understanding-http-protocol/)

25. [Broken Authentication & Session Management](https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/)

26. [Apache Log Poisoning through LFI](https://www.hackingarticles.in/apache-log-poisoning-through-lfi/)

27. [Beginner’s Guide to SQL Injection (Part 1)](https://www.hackingarticles.in/beginner-guide-sql-injection-part-1/)

28. [Boolean Based](https://www.hackingarticles.in/beginner-guide-sql-injection-boolean-based-part-2/)

29. [How to Bypass SQL Injection Filter](https://www.hackingarticles.in/bypass-filter-sql-injection-manually/)

30. [Form Based SQL Injection](https://www.hackingarticles.in/form-based-sql-injection-manually/)

31. [Dumping Database using Outfile](https://www.hackingarticles.in/dumping-database-using-outfile/)

32. [IDOR](https://www.hackingarticles.in/beginner-guide-insecure-direct-object-references/)

### Reviews

1. [OSWE Review](https://www.helviojunior.com.br/it/oswe-uma-historia-de-insucessos/) - Portuguese Content

2. [0xklaue](https://0xklaue.medium.com/attacking-the-web-the-offensive-security-way-b38bea609318)

3. [greenwolf security](https://medium.com/greenwolf-security/an-awae-oswe-review-2020-update-6d6ec7a80c1f)

4. [Cristian R](https://securitygrind.com/the-oswe-in-review/)

5. [21y4d](https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside) - Exam Reviews

6. [Marcin Szydlowski](https://infosecwriteups.com/awae-oswe-review-from-a-non-developer-perspective-2c2842cfbd4d)

7. [Nathan Rague](https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide)

8. [Elias Dimopoulos](https://www.linkedin.com/pulse/awaeoswe-2020-expected-review-elias-dimopoulos/)

9. [OSWE Review - Tips & Tricks](https://www.youtube.com/watch?v=ElZ7fFE9Gr4) - OSWE Review - Tips & Tricks

10. [Alex-labs](https://alex-labs.com/my-awae-review-becoming-an-oswe/)

11. [niebardzo Github](https://niebardzo.github.io/2021-01-12-oswe-review/) - Exam Review

12. [Marcus Aurelius](https://stacktrac3.co/oswe-review-awae-course/)

13. [yakuhito](https://blog.kuhi.to/offsec-awae-oswe-review)

14. [donavan.sg](https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/)

15. [Alexei Kojenov](https://kojenov.com/2020-04-08-oswe-review/)

16. [(OSWE)-Journey & Review](https://www.youtube.com/watch?v=wDev3q8lADE) - Offensive Security Web Expert (OSWE) - Journey & Review

17. [Patryk Bogusz](https://niebardzo.github.io/2021-01-12-oswe-review/)

18. [svdwi GitHub](https://github.com/svdwi/OSWE-Labs-Poc) - OSWE Labs POC

19. [Werebug.com ](https://werebug.com/journal/oswe/osep/2021/08/05/oswe-and-osep-obtained-what-next.html) - OSWE and OSEP

20. [jvesiluoma](https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/)

21. [ApexPredator](https://github.com/ApexPredator-InfoSec/AWAE-OSWE)

22. [Thomas Peterson](https://tpetersonkth.github.io/2022/04/16/OSWE-Review.html)

23. [NOH4TS](https://n0h4ts.medium.com/how-i-pass-oswe-on-the-first-try-2022-92ffaee1e636)

24. [Alex](https://alex-labs.com/my-awae-review-becoming-an-oswe/)

25. [RCESecurity](https://www.rcesecurity.com/2022/04/AWAE-Course-and-OSWE-Exam-Review/)

26. [Dhakal](https://dhakal-ananda.com.np/non-technical/2023/02/09/oswe-journey.html)

27. [Karol Mazurek](https://karol-mazurek95.medium.com/oswe-preparation-5d2d5f0e2cba)

28. [4PFSec](https://4pfsec.com/oswe)

29. [Cobalt.io](https://www.cobalt.io/blog/awae-oswe-for-humans)

30. [hakansonay](https://hakansonay.medium.com/the-oswe-review-and-exam-preparation-guide-e37886046b23)

31. [Jake Mayhew](https://medium.com/@jake.mayhew/web-300-oswe-review-offsec-web-expert-46074fbdb237)

32. [Organic Security](https://www.organicsecurity.in/2024/01/oswe-by-offsec-detailed-review.html)

33. [Bitten Tech](https://www.youtube.com/watch?v=k1NExrTNfks)

### Extra Content 

1. [OSWE labs](https://www.youtube.com/watch?v=F46tQww_IvE) - OSWE labs and exam's review/guide

2. [HTB Machine](https://www.youtube.com/watch?v=NMGsnPSm8iw&list=PLidcsTyj9JXKTnpphkJ310PVVGF-GuZA0)

3. [Deserialization](https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh)

7. [B1twis3](https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4)

9. [jangelesg GitHub](https://github.com/jangelesg/AWAE-OSWE)

10. [rootshooter](https://github.com/rootshooter/oswe-prep-2022)

11. [svdwi](https://github.com/svdwi/OSWE-Labs-Poc)

## OSEP

### Content

- Operating System and Programming Theory

- Client Side Code Execution With Office

- Client Side Code Execution With Jscript

- Process Injection and Migration

- Introduction to Antivirus Evasion

- Advanced Antivirus Evasion

- Application Whitelisting

- Bypassing Network Filters

- Linux Post-Exploitation

- Kiosk Breakouts

- Windows Credentials

- Windows Lateral Movement

- Linux Lateral Movement

- Microsoft SQL Attacks

- Active Directory Exploitation

- Combining the Pieces

- Trying Harder: The Labs

### Study Materials

- [OSEP Code Snippets](https://github.com/chvancooten/OSEP-Code-Snippets)

- [Experienced Pentester OSEP](https://github.com/nullg0re/Experienced-Pentester-OSEP)

- [OSEP Pre](https://github.com/r0r0x-xx/OSEP-Pre)

- [PEN 300 OSEP Prep](https://github.com/deletehead/pen_300_osep_prep)

- [OSEP Thoughts](https://github.com/J3rryBl4nks/OSEP-Thoughts)

- [OSEP Code Snippets README](https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md)

- [Osep](https://github.com/aldanabae/Osep)

- [Google Drive File](https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing)

- [Awesome Red Team Operations](https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations)

- [OSEP Study Guide 2022 - João Paulo de Andrade Filho](https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/)

- [OSEP PREP Useful Resources Payloads](https://github.com/Ross46/OSEP-PREP/blob/main/Useful%20Resources/Payloads.md)

- [OSEP in3x0rab13](https://github.com/In3x0rabl3/OSEP)

### Reviews

- [nullg0re](https://nullg0re.com/?p=113)

- [SpaceRaccoon Dev](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)

- [HackSouth YouTube](https://www.youtube.com/watch?v=fA3pkNcGpH0&ab_channel=HackSouth)

- [Schellman](https://www.schellman.com/blog/osep-and-pen-300-course-review)

- [Cinzinga](https://cinzinga.com/OSEP-PEN-300-Review/)

- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4)

- [BorderGate](https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/)

- [Reddit OSEP Review](https://www.reddit.com/r/osep/comments/ldhc20/osep_review/)

- [Reddit OSCP Review](https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/)

- [Purpl3F0xSecur1ty](https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html)

- [MakoSecBlog](https://makosecblog.com/miscellaneous/osep-course-review/)

- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s)

- [YouTube 15sv5eZ0oCM](https://www.youtube.com/watch?v=15sv5eZ0oCM)

- [YouTube 0n3Li63PwnQ](https://www.youtube.com/watch?v=0n3Li63PwnQ)

- [YouTube BWNzB1wIEQ](https://www.youtube.com/watch?v=BWNzB1wIEQ)

- [SpaceRaccoon Dev](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)

- [Cas van Cooten](https://casvancooten.com/posts/2021/03/getting-the-osep-certification-evasion-techniques-and-breaching-defenses-pen-300-course-review/)

- [BorderGate](https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/)

- [MakoSecBlog](https://makosecblog.com/miscellaneous/osep-course-review/)

- [David Lebr1 GitBook](https://davidlebr1.gitbook.io/infosec/blog/osep-review)

- [Offensive Security](https://www.offensive-security.com/offsec/pen300-approach-review/)

- [João Paulo de Andrade Filho LinkedIn](https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/)

- [YouTube R1apMwbVuDs](https://www.youtube.com/watch?v=R1apMwbVuDs)

- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4)

- [Cristian Cornea Medium](https://corneacristian.medium.com/tips-for-offensive-security-experienced-penetration-tester-osep-certification-92f3801428c3)

- [Security Boulevard](https://securityboulevard.com/2023/05/osep-review/)

- [YouTube R1apMwbVuDs](https://www.youtube.com/watch?v=R1apMwbVuDs&ab_channel=Conda)

- [Fluid Attacks](https://fluidattacks.com/blog/osep-review/)

- [Heartburn.dev](https://heartburn.dev/osep-review-2021-offensive-security-experienced-pentester/)

- [YouTube FVZkVZKIyOA](https://www.youtube.com/watch?v=FVZkVZKIyOA&ab_channel=FantasM)

- [RootJaxk](https://rootjaxk.github.io/posts/OSEP/)

- [Dhruvagoyal](https://dhruvagoyal.medium.com/cracking-the-osep-exam-a-48-hour-marathon-to-victory-c0021cd15c3c)

- [IT Security Labs](https://www.youtube.com/watch?v=5SEgaUhVCcE)

- [Benjamen Lim](https://westsideelectronics.com/osep-in-2024/)

- [Marmeus](https://marmeus.com/post/OSEP)

- [Winslow](https://winslow1984.com/books/notes-beK/page/backup-osep-and-oswe-review)

- [Jakob Bo Moller](https://www.linkedin.com/pulse/my-osep-experience-jakob-bo-m%C3%B8ller-0taze/)

- [swzhouu](https://medium.com/secure-d/offsec-experienced-penetration-tester-osep-2024-review-9183343d7453)

### Labs

- [SpaceRaccoon Dev - OSEP Review and Exam](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)

- [Exploit-DB - Evasion Techniques Breaching Defenses](https://www.exploit-db.com/evasion-techniques-breaching-defenses)

- [OSCP Exam Report Template Markdown](https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/)

- [Offensive Security - OSEP Exam FAQ](https://help.offensive-security.com/hc/en-us/articles/360049781352-OSEP-Exam-FAQ)

- [CyberEagle - OSEP Review](https://www.cybereagle.io/blog/osep-review/)

- [PentestLab - Defense Evasion](https://pentestlab.blog/category/red-team/defense-evasion/)

- [PentestLab - Antivirus Evasion](https://pentestlab.blog/tag/antivirus-evasion/)

- [PentestLaboratories - Process Herpaderping Windows Defender Evasion](https://pentestlaboratories.com/2021/01/18/process-herpaderping-windows-defender-evasion/)

- [YouTube - PentesterAcademyTV](https://www.youtube.com/watch?v=dS0GcSA7kEw&ab_channel=PentesterAcademyTV)

- [YouTube - PacktVideo](https://www.youtube.com/watch?v=cqxOS9uQL_c&ab_channel=PacktVideo)

- [YouTube - PentesterAcademyTV](https://www.youtube.com/watch?v=ZaJpDeLvo6I&ab_channel=PentesterAcademyTV)

- [GitHub - In3x0rabl3/OSEP](https://github.com/In3x0rabl3/OSEP)

- [GitHub - timip/OSEP](https://github.com/timip/OSEP)

## OSED

### Content

- WinDbg tutorial

- Stack buffer overflows

- Exploiting SEH overflows

- Intro to IDA Pro

- Overcoming space restrictions: Egghunters

- Shellcode from scratch

- Reverse-engineering bugs

- Stack overflows and DEP/ASLR bypass

- Format string specifier attacks

- Custom ROP chains and ROP payload decoders

### Study Materials

- [snoopysecurity - OSCE Prep](https://github.com/snoopysecurity/OSCE-Prep)

- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)

- [Exploit-DB - Windows User Mode Exploit Development](https://www.exploit-db.com/windows-user-mode-exploit-development)

- [r0r0x-xx - OSED Pre](https://github.com/r0r0x-xx/OSED-Pre)

- [sradley - OSED](https://github.com/sradley/osed)

- [Nero22k - Exploit Development](https://github.com/Nero22k/Exploit_Development)

- [YouTube - 7PMw9GIb8Zs](https://www.youtube.com/watch?v=7PMw9GIb8Zs)

- [YouTube - FH1KptfPLKo](https://www.youtube.com/watch?v=FH1KptfPLKo)

- [YouTube - sOMmzUuwtmc](https://www.youtube.com/watch?v=sOMmzUuwtmc)

- [ExploitLab Blog](https://blog.exploitlab.net/)

- [Azeria Labs - Heap Exploit Development Part 1](https://azeria-labs.com/heap-exploit-development-part-1/)

- [ZeroKnights - Getting Started Exploit Lab](http://zeroknights.com/getting-started-exploit-lab/)

- [Google Drive File 1](https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing)

- [Google Drive File 2](https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing)

- [Google Drive File 3](https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing)

- [Corelan - Exploit Writing Tutorial Part 1: Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)

- [wtsxDev - Exploit Development](https://github.com/wtsxDev/Exploit-Development/blob/master/README.md)

- [corelan - Corelan Training](https://github.com/corelan/CorelanTraining)

- [subat0mik - Journey to OSCE](https://github.com/subat0mik/Journey_to_OSCE)

- [nanotechz9l - Corelan Exploit Tutorial Part 1: Stack Based Overflows](https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb)

- [snoopysecurity - OSCE Prep](https://github.com/snoopysecurity/OSCE-Prep)

- [bigb0sss - OSCE](https://github.com/bigb0sss/OSCE)

- [epi052 - OSCE Exam Practice](https://github.com/epi052/OSCE-exam-practice)

- [mdisec - OSCE Preparation](https://github.com/mdisec/osce-preparation)

- [mohitkhemchandani - OSCE BIBLE](https://github.com/mohitkhemchandani/OSCE_BIBLE)

- [FULLSHADE - OSCE](https://github.com/FULLSHADE/OSCE)

- [areyou1or0 - OSCE Exploit Development](https://github.com/areyou1or0/OSCE-Exploit-Development)

- [securityELI - CTP OSCE](https://github.com/securityELI/CTP-OSCE)

- [Google Drive File 4](https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing)

- [Coalfire Blog - The Basics of Exploit Development](https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1)

- [Connor McGarr - Browser Exploit](https://connormcgarr.github.io/browser1/)

- [KaliTut - Exploit Development Resources](https://kalitut.com/exploit-development-resources/)

- [0xZ0F - Z0FCourse Exploit Development](https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment)

- [dest-3 - OSED Resources](https://github.com/dest-3/OSED_Resources)

- [Infosec Institute - Python for Exploit Development](https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/)

- [Anitian - A Study in Exploit Development Part 1: Setup and Proof of Concept](https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/)

- [Sam's Class - WWC 2014](https://samsclass.info/127/127_WWC_2014.shtml)

- [Stack Overflow - Exploit Development in Python 3](https://stackoverflow.com/questions/42615124/exploit-development-in-python-3)

- [CTF Writeups - Converting Metasploit Modules to Python](https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python)

- [PacktPub - Networking and Servers](https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8)

- [Cybrary - Exploit Development Part 5](https://www.cybrary.it/video/exploit-development-part-5/)

- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-an)

- [Offensive Security - OSED Exam Guide](https://help.offensive-security.com/hc/en-us/articles/360052977212-OSED-Exam-Guide)

- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)

- [YouTube - 0n3Li63PwnQ](https://www.youtube.com/watch?v=0n3Li63PwnQ)

- [epi052 - Windows Usermode Exploit Development Review](https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/)

- [PythonRepo - epi052 OSED Scripts](https://pythonrepo.com/repo/epi052-osed-scripts)

- [dhn - OSEE](https://github.com/dhn/OSEE)

- [PythonRepo - epi052 OSED Scripts](https://pythonrepo.com/repo/epi052-osed-scripts)

- [nop-tech - OSED](https://github.com/nop-tech/OSED)

- [Ired Team - ROP Chaining Return Oriented Programming](https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/rop-chaining-return-oriented-programming)

- [InfoSec Writeups - ROP Chains on ARM](https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e)

- [YouTube - 8zRoMAkGYQE](https://www.youtube.com/watch?v=8zRoMAkGYQE)

- [Infosec Institute - Return Oriented Programming ROP Attacks](https://resources.infosecinstitute.com/topic/return-oriented-programming-rop-attacks/)

- [dest-3 - OSED Resources](https://github.com/dest-3/OSED_Resources)

- [mrtouch93 - OSED Notes](https://github.com/mrtouch93/OSED-Notes)

- [wry4n - OSED Scripts](https://github.com/wry4n/osed-scripts)

- [r0r0x-xx - OSED Pre](https://github.com/r0r0x-xx/OSED-Pre)

### Reviews

- [YouTube - aWHL9hIKTCA](https://www.youtube.com/watch?v=aWHL9hIKTCA)

- [YouTube - 62mWZ1xd8eM](https://www.youtube.com/watch?v=62mWZ1xd8eM)

- [ihack4falafel - Offensive Security AWEOSEE Review](https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/)

- [LinkedIn - Advanced Windows Exploitation (OSEE) Review - Etizaz Mohsin](https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/)

- [Animal0day - Reviews for OSCP, OSCE, OSEE, and Corelan](https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html)

- [AddaxSoft - Offensive Security Advanced Windows Exploitation (AWE/OSEE) Review](https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/)

- [jhalon - OSCE Review](https://jhalon.github.io/OSCE-Review/)

- [YouTube - NAe6f1_XG6Q](https://www.youtube.com/watch?v=NAe6f1_XG6Q)

- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and)

- [kuhi.to - OFFSEC EXP301 OSED Review](https://blog.kuhi.to/offsec-exp301-osed-review)

- [epi052 - Windows Usermode Exploit Development Review](https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/)

- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and/)

- [YouTube - NAe6f1_XG6Q](https://www.youtube.com/watch?v=NAe6f1_XG6Q)

- [LinkedIn - Offensive Security Certified Expert 3 (OSCE3) - Cristian Cornea](https://www.linkedin.com/posts/cristian-cornea-b37005178_offensive-security-certified-expert-3-osce3-activity-7006233011746709505-1WCG/)

- [NOP Blog - OSED](https://nop-blog.tech/blog/osed/)

- [Deep Hacking - OSED Review](https://deephacking.tech/osed-review/)

  

### Labs

- [CyberSecurityUP - Buffer Overflow Labs](https://github.com/CyberSecurityUP/Buffer-Overflow-Labs)

- [ihack4falafel - OSCE](https://github.com/ihack4falafel/OSCE)

- [nathunandwani - CTP OSCE](https://github.com/nathunandwani/ctp-osce)

- [sufyandaredevil - OSED - Exploiting SEH Overflows](https://github.com/sufyandaredevil/OSED/blob/main/03_exploiting_seh_overflows.md)

- [firmianay - Life-long Learner - SEED Labs - Buffer Overflow Vulnerability Lab](https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md)

- [wadejason - Buffer Overflow Vulnerability Lab](https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab)

- [Jeffery-Liu - Buffer Overflow Vulnerability Lab](https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab)

- [mutianxu - SEED LAB - Buffer Overflow Attack](https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack)

- [INE - Windows Exploit Development](https://my.ine.com/CyberSecurity/courses/54819bbb/windows-exploit-development)

- [Connor McGarr - Browser Exploit](https://connormcgarr.github.io/browser1/)

- [Coalfire Blog - The Basics of Exploit Development](https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1)

- [Pentest Magazine - Exploit Development Windows](https://pentestmag.com/product/exploit-development-windows-w38/)

- [Steflan Security - Complete Guide to Stack Buffer Overflow (OSCP)](https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#:~:text=Stack%20buffer%20overflow%20is%20a,of%20the%20intended%20data%20structure)

- [Offensive Security - EVOCAM Remote Buffer Overflow on OSX](https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/)

- [Exploit-DB - Exploit 42928](https://www.exploit-db.com/exploits/42928)

- [Exploit-DB - Exploit 10434](https://www.exploit-db.com/exploits/10434)

- [OCW CS PUB RO - Lab 08](https://ocw.cs.pub.ro/courses/cns/labs/lab-08)

- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)

## OSEE

### Content

- Bypass and evasion of user mode security mitigations such as DEP, ASLR, CFG, ACG and CET

- Advanced heap manipulations to obtain code execution along with guest-to-host and sandbox escapes

- Disarming WDEG mitigations and creating version independence for weaponization

- 64-Bit Windows Kernel Driver reverse engineering and vulnerability discovery

- Bypass of kernel mode security mitigations such as kASLR, NX, SMEP, SMAP, kCFG and HVCI

### Study Materials

- https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/

- https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/

- https://www.youtube.com/watch?v=pH6qocUEor0&ab_channel=BlackHat

- https://github.com/nccgroup/exploit_mitigations/blob/master/windows_mitigations.md

- https://hack.technoherder.com/sandbox-escapes/

- https://www.youtube.com/watch?v=LUH6ZxYNJFg&ab_channel=ZeroDayInitiative

- https://www.youtube.com/watch?v=NDuWcGn5hTQ&ab_channel=ZeroDayInitiative

- https://www.youtube.com/watch?v=p0OaGMlBb2k&ab_channel=BlackHat

- https://github.com/MorteNoir1/virtualbox_e1000_0day

- https://blog.palantir.com/assessing-the-effectiveness-of-a-new-security-data-source-windows-defender-exploit-guard-860b69db2ad2

- https://github.com/palantir/exploitguard

- https://github.com/microsoft/Windows-classic-samples

- https://github.com/SofianeHamlaoui/Pentest-Notes/blob/master/offensive-security/code-injection-process-injection/how-to-hook-windows-api-using-c%2B%2B.md

- https://github.com/ndeepak-zzzz/Windows-API-with-Python

- https://int0x33.medium.com/day-59-windows-api-for-pentesting-part-1-178c6ba280cb

### Reviews

- https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/

- https://www.richardosgood.com/posts/advanced-windows-exploitation-review/

- https://www.youtube.com/watch?v=srJ1ICC4ON8&ab_channel=DavidAlvesWeb

- https://medium.com/@0xInyiak/my-offensive-security-journey-part-1-5ffbd66fe0c2

### Labs

- https://github.com/BLACKHAT-SSG/EXP-401-OSEE

- https://github.com/timip/OSEE

- https://github.com/dhn/OSEE

- https://github.com/orangice/AWE-OSEE-Prep

- https://github.com/matthiaskonrath/AWE-OSEE-Prep

- https://github.com/ihack4falafel/OSEE

- https://github.com/gscamelo/OSEE

- https://github.com/w4fz5uck5/3XPL01t5

## Social Network

### [Joas Antonio - Linkedin](https://www.linkedin.com/in/joas-antonio-dos-santos)

### [CyberSceurityUP- GitHub](https://github.com/CyberSecurityUP)

### [C0d3Cr4zy - Twitter](https://twitter.com/C0d3Cr4zy)

### [Filipi Pires - Linkedin](https://www.linkedin.com/in/filipipires/)

### [Filipi Pires - GitHub](https://github.com/filipi86)

### [Filipi Pires - Twitter](https://twitter.com/FilipiPires)