Advanced Windows Exploitation

Provided by Offensive Security
Certificate of Completion
Qualification level
Certificate of Completion
Las Vegas, NV
Study type
5 days

About the course

Advanced Windows Exploitation (AWE)

Develop exploits in modern Windows Environments

  • Live-training format with ample student-instructor interaction
  • Develop creative solutions for the most difficult exploitation environments
  • Designed for experienced exploit developers, AWE is not an entry-level course.
  • Earn the Offensive Security Exploitation Expert (OSEE) certification after passing the 72-hour performance-based exam
  • Master course content while thinking laterally and adapting to new challenges to become an OSEE

AWE Registration Options 

Advanced Windows Exploitation is especially demanding, requiring a great deal of student-instructor interaction. For this reason, the AWE security training course is only available in a live hands-on environment at Black Hat USA in Las Vegas, NV.

Additionally, to get the most out of this live penetration testing course you will want to spend time in the evenings working through case studies and reviewing the provided reading material. This is the hardest and most intense Offensive Security course we offer and requires a lot of commitment from the students.

Can’t make it to Black Hat USA or need to have a large group trained from your organization? Offensive Security In-House Training can bring our Advanced Windows Exploitation course to you.

Student Prerequisites

Students should be experienced in developing Windows exploits and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this security training course.

Computer Lab Requirements

You will want to bring a serious laptop along, one able to run 3 VMs with ease. Please do not bring netbooks or other low-resolution systems.

  • VMware Workstation / Fusion
  • At least 80 GB HD free
  • At least 8 GB of RAM
  • Wired Network Support
  • USB 2.0 support or better
  • 64-bit host operating system (Important)

OSEE Certification

The Offensive Security Exploitation Expert (OSEE) is the companion penetration testing certification to the Advanced Windows Exploitation (AWE) course. The OSEE certification thoroughly assesses not only the student's understanding of the course content, but also their ability to think laterally and adapt to new challenges.

The OSEE virtual lab environment is configured with a limited number of target systems with software containing specific unknown vulnerabilities for which the student must develop exploits. In this extremely challenging exam, the student is provided with 72 hours in order to develop their exploits and fully document the steps taken.

The OSEE certification exam takes place completely online, with students connecting to our VPN virtual lab environment, so you will need a stable, high-speed Internet connection to take the Advanced Windows Exploitation exam.

Modern exploit mitigations require modern bypass techniques

Over the years, writing exploits on modern Windows-based platforms has become a complex dance of memory manipulation to circumvent the modern mitigations Microsoft has put in place.

Offensive Security’s AWE challenges you to develop creative solutions that work in today’s increasingly difficult exploitation environment.

Real-World Applications

All of the case studies in Advanced Windows Exploitation are large, well-known applications that are widely deployed in enterprise networks.

The AWE penetration testing training course provides an in-depth, hardcore drill-down into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to real-world 64-bit kernel exploitation.

Topics covered in Advanced Windows Exploitation include:

  • NX/ASLR Bypass – Using different techniques to bypass Data Execution Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems.
  • Function pointer overwrites – Overwriting a function pointer in order to get code execution.
  • Precision Heap Spraying – Spraying the heap for reliable code execution.
  • Disarming EMET Mitigations to gain reliable code execution
  • 64-bit and 32-bit Windows Kernel Driver Exploitation
  • Kernel Pool Exploitation

40 (ISC)² CPE Credits

This course may qualify you for 40 (ISC)² CPE Credits after you submit your documentation at the end of the training course or pass the certification challenge.
