A bunch of resources to prepare for the OSEE certification, Offensive Security's hardest course. I will personally use this repository myself, and upload my own proof-of-concept exploits for some of these bugs. I will also be actively updated this repository with more resources and other suggested exploits to try out yourself!
"Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft’s defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges students to develop creative solutions that work in today’s increasingly difficult exploitation environment.
The case studies in AWE are large, well-known applications that are widely deployed in enterprise networks. The course dives deep into topics ranging from security mitigation bypass techniques to complex heap manipulations and 64-bit kernel exploitation.
AWE is a particularly demanding penetration testing course. It requires a significant amount of student-instructor interaction. Therefore, we limit AWE courses to a live, hands-on environment.
This is the hardest course we offer and it requires a significant time investment. Students need to commit to reading case studies and reviewing the provided reading material each evening."
I have been informed that the case studies in this repository are out-of-date. After looking over their syllabus provided here, I will ensure to update this repository when I am available (this weekend?). If you have any questions, concerns, concerning questions, or suggestions, please feel free to create an issue on this repository. I will work to resolve it.
- HackSys Extreme Vulnerable Driver
- CVE-2010-0705, CVE-2009-3523, CVE-2008-1625
- CVE-2011-2005 / MS11-080
- CVE-2014-4113 / MS14-058