├── OSCE³ Study Guide by Joas.xlsx
├── OSCE³ Study Guide by Joas.xmind
└── README.md

/OSCE³ Study Guide by Joas.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/OSCE3-Complete-Guide/e04a3eccec8e7543faaf26d3e759013d3db02f08/OSCE³ Study Guide by Joas.xlsx

--------------------------------------------------------------------------------
/OSCE³ Study Guide by Joas.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/OSCE3-Complete-Guide/e04a3eccec8e7543faaf26d3e759013d3db02f08/OSCE³ Study Guide by Joas.xmind

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# OSCE³ and OSEE Study Guide [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

## OSWE

### Content

- Web security tools and methodologies
- Source code analysis
- Persistent cross-site scripting
- Session hijacking
- .NET deserialization
- Remote code execution
- Blind SQL injections
- Data exfiltration
- Bypassing file upload restrictions and file extension filters
- PHP type juggling with loose comparisons
- PostgreSQL Extension and User Defined Functions
- Bypassing REGEX restrictions
- Magic hashes
- Bypassing character restrictions
- UDF reverse shells
- PostgreSQL large objects
- DOM-based cross site scripting (black box)
- Server side template injection
- Weak random token generation
- XML External Entity Injection
- RCE via database Functions
- OS Command Injection via WebSockets (BlackBox)

### Study Materials

1. [timip-GitHub](https://github.com/timip/OSWE) - Reference guide
2. [noraj-GitHub](https://github.com/noraj/AWAE-OSWE) - Reference guide
3. [wetw0rk-Github](https://github.com/wetw0rk/AWAE-PREP) - Reference guide
4. [kajalNair-Github](https://github.com/kajalNair/OSWE-Prep) - Reference guide
5. [s0j0hn-Github](https://github.com/s0j0hn/AWAE-OSWE-Prep) - Reference guide
6. [deletehead-Github](https://github.com/deletehead/awae_oswe_prep) - Reference guide
7. [z-r0crypt](https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/) - Reference guide
8. [rayhan0x01](https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html) - Reference guide
9. [Nathan-Rague](https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide) - Reference guide
10. [Joas Content](https://drive.google.com/file/d/1bASc-SLmuD0tXmd88h0QclRSpUu_rvnF/view?usp=sharing) - Reference guide
11. [Lawlez-Github](https://github.com/Lawlez/myOSWE) - Reference guide
12. [0xb120](https://github.com/0xb120/cheatsheets_and_ctf-notes/blob/main/OSWE%20preparation.md) - Reference guide
13. [Jaelkoh](https://infosec.jaelkoh.com/2024/my-first-year-in-infosec-zero-to-osce3)

### Vulnerabilities

1. [XXE Injection](https://www.hackingarticles.in/comprehensive-guide-on-xxe-injection/)
2. [CSRF](https://www.hackingarticles.in/understanding-the-csrf-vulnerability-a-beginners-guide/)
3. [Cross-Site Scripting Exploitation](https://www.hackingarticles.in/cross-site-scripting-exploitation/)
4. [Cross-Site Scripting (XSS)](https://www.hackingarticles.in/comprehensive-guide-on-cross-site-scripting-xss/)
5. [Unrestricted File Upload](https://www.hackingarticles.in/comprehensive-guide-on-unrestricted-file-upload/)
6. [Open Redirect](https://www.hackingarticles.in/comprehensive-guide-on-open-redirect/)
7. [Remote File Inclusion (RFI)](https://www.hackingarticles.in/comprehensive-guide-to-remote-file-inclusion-rfi/)
8. [HTML Injection](https://www.hackingarticles.in/comprehensive-guide-on-html-injection/)
9. [Path Traversal](https://www.hackingarticles.in/comprehensive-guide-on-path-traversal/)
10. [Broken Authentication & Session Management](https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/)
11. [OS Command Injection](https://www.hackingarticles.in/comprehensive-guide-on-os-command-injection/)
12. [Multiple Ways to Banner Grabbing](https://www.hackingarticles.in/multiple-ways-to-banner-grabbing/)
13. [Local File Inclusion (LFI)](https://www.hackingarticles.in/comprehensive-guide-to-local-file-inclusion/)
14. [Netcat for Pentester](https://www.hackingarticles.in/netcat-for-pentester/)
15. [WPScan:WordPress Pentesting Framework](https://www.hackingarticles.in/wpscanwordpress-pentesting-framework/)
16. [WordPress Pentest Lab Setup in Multiple Ways](https://www.hackingarticles.in/wordpress-pentest-lab-setup-in-multiple-ways/)
17. [Multiple Ways to Crack WordPress login](https://www.hackingarticles.in/multiple-ways-to-crack-wordpress-login/)
18. [Web Application Pentest Lab Setup on AWS](https://www.hackingarticles.in/web-application-pentest-lab-setup-on-aws)
19. [Web Application Lab Setup on Windows](https://www.hackingarticles.in/web-application-lab-setup-on-windows/)
20. [Web Application Pentest Lab setup Using Docker](https://www.hackingarticles.in/web-application-pentest-lab-setup-using-docker/)
21. [Web Shells Penetration Testing](https://www.hackingarticles.in/web-shells-penetration-testing/)
22. [SMTP Log Poisoning](https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/)
23. [HTTP Authentication](https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/)
24. [Understanding the HTTP Protocol](https://www.hackingarticles.in/understanding-http-protocol/)
25. [Broken Authentication & Session Management](https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/)
26. [Apache Log Poisoning through LFI](https://www.hackingarticles.in/apache-log-poisoning-through-lfi/)
27. [Beginner’s Guide to SQL Injection (Part 1)](https://www.hackingarticles.in/beginner-guide-sql-injection-part-1/)
28. [Boolean Based](https://www.hackingarticles.in/beginner-guide-sql-injection-boolean-based-part-2/)
29. [How to Bypass SQL Injection Filter](https://www.hackingarticles.in/bypass-filter-sql-injection-manually/)
30. [Form Based SQL Injection](https://www.hackingarticles.in/form-based-sql-injection-manually/)
31. [Dumping Database using Outfile](https://www.hackingarticles.in/dumping-database-using-outfile/)
32. [IDOR](https://www.hackingarticles.in/beginner-guide-insecure-direct-object-references/)

### Reviews

1. [OSWE Review](https://www.helviojunior.com.br/it/oswe-uma-historia-de-insucessos/) - Portuguese Content
2. [0xklaue](https://0xklaue.medium.com/attacking-the-web-the-offensive-security-way-b38bea609318)
3. [greenwolf security](https://medium.com/greenwolf-security/an-awae-oswe-review-2020-update-6d6ec7a80c1f)
4. [Cristian R](https://securitygrind.com/the-oswe-in-review/)
5. [21y4d](https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside) - Exam Reviews
6. [Marcin Szydlowski](https://infosecwriteups.com/awae-oswe-review-from-a-non-developer-perspective-2c2842cfbd4d)
7. [Nathan Rague](https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide)
8. [Elias Dimopoulos](https://www.linkedin.com/pulse/awaeoswe-2020-expected-review-elias-dimopoulos/)
9. [OSWE Review - Tips & Tricks](https://www.youtube.com/watch?v=ElZ7fFE9Gr4) - OSWE Review - Tips & Tricks
10. [Alex-labs](https://alex-labs.com/my-awae-review-becoming-an-oswe/)
11. [niebardzo Github](https://niebardzo.github.io/2021-01-12-oswe-review/) - Exam Review
12. [Marcus Aurelius](https://stacktrac3.co/oswe-review-awae-course/)
13. [yakuhito](https://blog.kuhi.to/offsec-awae-oswe-review)
14. [donavan.sg](https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/)
15. [Alexei Kojenov](https://kojenov.com/2020-04-08-oswe-review/)
16. [(OSWE)-Journey & Review](https://www.youtube.com/watch?v=wDev3q8lADE) - Offensive Security Web Expert (OSWE) - Journey & Review
17. [Patryk Bogusz](https://niebardzo.github.io/2021-01-12-oswe-review/)
18. [svdwi GitHub](https://github.com/svdwi/OSWE-Labs-Poc) - OSWE Labs POC
19. [Werebug.com](https://werebug.com/journal/oswe/osep/2021/08/05/oswe-and-osep-obtained-what-next.html) - OSWE and OSEP
20. [jvesiluoma](https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/)
21. [ApexPredator](https://github.com/ApexPredator-InfoSec/AWAE-OSWE)
22. [Thomas Peterson](https://tpetersonkth.github.io/2022/04/16/OSWE-Review.html)
23. [NOH4TS](https://n0h4ts.medium.com/how-i-pass-oswe-on-the-first-try-2022-92ffaee1e636)
24. [Alex](https://alex-labs.com/my-awae-review-becoming-an-oswe/)
25. [RCESecurity](https://www.rcesecurity.com/2022/04/AWAE-Course-and-OSWE-Exam-Review/)
26. [Dhakal](https://dhakal-ananda.com.np/non-technical/2023/02/09/oswe-journey.html)
27. [Karol Mazurek](https://karol-mazurek95.medium.com/oswe-preparation-5d2d5f0e2cba)
28. [4PFSec](https://4pfsec.com/oswe)
29. [Cobalt.io](https://www.cobalt.io/blog/awae-oswe-for-humans)
30. [hakansonay](https://hakansonay.medium.com/the-oswe-review-and-exam-preparation-guide-e37886046b23)
31. [Jake Mayhew](https://medium.com/@jake.mayhew/web-300-oswe-review-offsec-web-expert-46074fbdb237)
32. [Organic Security](https://www.organicsecurity.in/2024/01/oswe-by-offsec-detailed-review.html)
33. [Bitten Tech](https://www.youtube.com/watch?v=k1NExrTNfks)
34. [What is OSWE Certification – StationX](https://www.stationx.net/what-is-oswe-certification/)
35. [OSCP and OSWE Journey – Adam Bartlett](https://medium.com/@adamforsythebartlett/oscp-and-oswe-journey-fe28a994604c)
36. [OSWE Notes – Secdomain](https://github.com/Secdomain/OSWE-Notes)
37. [OSWE Resources – saunders-jake](https://github.com/saunders-jake/oswe-resources)

### Extra Content

1. [OSWE labs](https://www.youtube.com/watch?v=F46tQww_IvE) - OSWE labs and exam's review/guide
2. [HTB Machine](https://www.youtube.com/watch?v=NMGsnPSm8iw&list=PLidcsTyj9JXKTnpphkJ310PVVGF-GuZA0)
3. [Deserialization](https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh)
7. [B1twis3](https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4)
9. [jangelesg GitHub](https://github.com/jangelesg/AWAE-OSWE)
10. [rootshooter](https://github.com/rootshooter/oswe-prep-2022)
11. [svdwi](https://github.com/svdwi/OSWE-Labs-Poc)

## OSEP

### Content

- Operating System and Programming Theory
- Client Side Code Execution With Office
- Client Side Code Execution With Jscript
- Process Injection and Migration
- Introduction to Antivirus Evasion
- Advanced Antivirus Evasion
- Application Whitelisting
- Bypassing Network Filters
- Linux Post-Exploitation
- Kiosk Breakouts
- Windows Credentials
- Windows Lateral Movement
- Linux Lateral Movement
- Microsoft SQL Attacks
- Active Directory Exploitation
- Combining the Pieces
- Trying Harder: The Labs

### Study Materials

- [OSEP Code Snippets](https://github.com/chvancooten/OSEP-Code-Snippets)
- [Experienced Pentester OSEP](https://github.com/nullg0re/Experienced-Pentester-OSEP)
- [OSEP Pre](https://github.com/r0r0x-xx/OSEP-Pre)
- [PEN 300 OSEP Prep](https://github.com/deletehead/pen_300_osep_prep)
- [OSEP Thoughts](https://github.com/J3rryBl4nks/OSEP-Thoughts)
- [OSEP Code Snippets README](https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md)
- [Osep](https://github.com/aldanabae/Osep)
- [Google Drive File](https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing)
- [Awesome Red Team Operations](https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations)
- [OSEP Study Guide 2022 - João Paulo de Andrade Filho](https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/)
- [OSEP PREP Useful Resources Payloads](https://github.com/Ross46/OSEP-PREP/blob/main/Useful%20Resources/Payloads.md)
- [OSEP in3x0rab13](https://github.com/In3x0rabl3/OSEP)
- [OSEP forsec](https://forsec.nl/osep.html)

### Reviews

- [nullg0re](https://nullg0re.com/?p=113)
- [SpaceRaccoon Dev](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)
- [HackSouth YouTube](https://www.youtube.com/watch?v=fA3pkNcGpH0&ab_channel=HackSouth)
- [Schellman](https://www.schellman.com/blog/osep-and-pen-300-course-review)
- [Cinzinga](https://cinzinga.com/OSEP-PEN-300-Review/)
- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4)
- [BorderGate](https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/)
- [Reddit OSEP Review](https://www.reddit.com/r/osep/comments/ldhc20/osep_review/)
- [Reddit OSCP Review](https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/)
- [Purpl3F0xSecur1ty](https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html)
- [MakoSecBlog](https://makosecblog.com/miscellaneous/osep-course-review/)
- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s)
- [YouTube 15sv5eZ0oCM](https://www.youtube.com/watch?v=15sv5eZ0oCM)
- [YouTube 0n3Li63PwnQ](https://www.youtube.com/watch?v=0n3Li63PwnQ)
- [YouTube BWNzB1wIEQ](https://www.youtube.com/watch?v=BWNzB1wIEQ)
- [SpaceRaccoon Dev](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)
- [Cas van Cooten](https://casvancooten.com/posts/2021/03/getting-the-osep-certification-evasion-techniques-and-breaching-defenses-pen-300-course-review/)
- [BorderGate](https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/)
- [MakoSecBlog](https://makosecblog.com/miscellaneous/osep-course-review/)
- [David Lebr1 GitBook](https://davidlebr1.gitbook.io/infosec/blog/osep-review)
- [Offensive Security](https://www.offensive-security.com/offsec/pen300-approach-review/)
- [João Paulo de Andrade Filho LinkedIn](https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/)
- [YouTube R1apMwbVuDs](https://www.youtube.com/watch?v=R1apMwbVuDs)
- [YouTube iUPyiJbN4l4](https://www.youtube.com/watch?v=iUPyiJbN4l4)
- [Cristian Cornea Medium](https://corneacristian.medium.com/tips-for-offensive-security-experienced-penetration-tester-osep-certification-92f3801428c3)
- [Security Boulevard](https://securityboulevard.com/2023/05/osep-review/)
- [YouTube R1apMwbVuDs](https://www.youtube.com/watch?v=R1apMwbVuDs&ab_channel=Conda)
- [Fluid Attacks](https://fluidattacks.com/blog/osep-review/)
- [Heartburn.dev](https://heartburn.dev/osep-review-2021-offensive-security-experienced-pentester/)
- [YouTube FVZkVZKIyOA](https://www.youtube.com/watch?v=FVZkVZKIyOA&ab_channel=FantasM)
- [RootJaxk](https://rootjaxk.github.io/posts/OSEP/)
- [Dhruvagoyal](https://dhruvagoyal.medium.com/cracking-the-osep-exam-a-48-hour-marathon-to-victory-c0021cd15c3c)
- [IT Security Labs](https://www.youtube.com/watch?v=5SEgaUhVCcE)
- [Benjamen Lim](https://westsideelectronics.com/osep-in-2024/)
- [Marmeus](https://marmeus.com/post/OSEP)
- [Winslow](https://winslow1984.com/books/notes-beK/page/backup-osep-and-oswe-review)
- [Jakob Bo Moller](https://www.linkedin.com/pulse/my-osep-experience-jakob-bo-m%C3%B8ller-0taze/)
- [swzhouu](https://medium.com/secure-d/offsec-experienced-penetration-tester-osep-2024-review-9183343d7453)
- [My Review on OSEP 2025](https://medium.com/@toneemarqus/my-review-on-osep-2025-abea5413ca7f)
- [OSEP Certification Overview – StationX](https://www.stationx.net/osep-certification/)
- [I Passed OSEP with secret.txt and So Can You](https://medium.com/@beauknowstech/i-passed-osep-with-secret-txt-and-so-can-you-e0286d1af3bb)
- [OSED vs OSEP Review – 0xbad53c](https://red.0xbad53c.com/training-reviews/offensive-security/osed)
- [OSEP Prep Notes – Ross46](https://github.com/Ross46/OSEP-PREP/blob/main/Exam%202.0.md)
- [OSEPlayground – Extravenger](https://github.com/Extravenger/OSEPlayground)
- [YouTube – OSEP Review Video](https://www.youtube.com/watch?v=GweSTA7a4ho)

### Labs

- [SpaceRaccoon Dev - OSEP Review and Exam](https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam)
- [Exploit-DB - Evasion Techniques Breaching Defenses](https://www.exploit-db.com/evasion-techniques-breaching-defenses)
- [OSCP Exam Report Template Markdown](https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/)
- [Offensive Security - OSEP Exam FAQ](https://help.offensive-security.com/hc/en-us/articles/360049781352-OSEP-Exam-FAQ)
- [CyberEagle - OSEP Review](https://www.cybereagle.io/blog/osep-review/)
- [PentestLab - Defense Evasion](https://pentestlab.blog/category/red-team/defense-evasion/)
- [PentestLab - Antivirus Evasion](https://pentestlab.blog/tag/antivirus-evasion/)
- [PentestLaboratories - Process Herpaderping Windows Defender Evasion](https://pentestlaboratories.com/2021/01/18/process-herpaderping-windows-defender-evasion/)
- [YouTube - PentesterAcademyTV](https://www.youtube.com/watch?v=dS0GcSA7kEw&ab_channel=PentesterAcademyTV)
- [YouTube - PacktVideo](https://www.youtube.com/watch?v=cqxOS9uQL_c&ab_channel=PacktVideo)
- [YouTube - PentesterAcademyTV](https://www.youtube.com/watch?v=ZaJpDeLvo6I&ab_channel=PentesterAcademyTV)
- [GitHub - In3x0rabl3/OSEP](https://github.com/In3x0rabl3/OSEP)
- [GitHub - timip/OSEP](https://github.com/timip/OSEP)

## OSED

### Content

- WinDbg tutorial
- Stack buffer overflows
- Exploiting SEH overflows
- Intro to IDA Pro
- Overcoming space restrictions: Egghunters
- Shellcode from scratch
- Reverse-engineering bugs
- Stack overflows and DEP/ASLR bypass
- Format string specifier attacks
- Custom ROP chains and ROP payload decoders

### Study Materials

- [snoopysecurity - OSCE Prep](https://github.com/snoopysecurity/OSCE-Prep)
- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)
- [Exploit-DB - Windows User Mode Exploit Development](https://www.exploit-db.com/windows-user-mode-exploit-development)
- [r0r0x-xx - OSED Pre](https://github.com/r0r0x-xx/OSED-Pre)
- [sradley - OSED](https://github.com/sradley/osed)
- [Nero22k - Exploit Development](https://github.com/Nero22k/Exploit_Development)
- [YouTube - 7PMw9GIb8Zs](https://www.youtube.com/watch?v=7PMw9GIb8Zs)
- [YouTube - FH1KptfPLKo](https://www.youtube.com/watch?v=FH1KptfPLKo)
- [YouTube - sOMmzUuwtmc](https://www.youtube.com/watch?v=sOMmzUuwtmc)
- [ExploitLab Blog](https://blog.exploitlab.net/)
- [Azeria Labs - Heap Exploit Development Part 1](https://azeria-labs.com/heap-exploit-development-part-1/)
- [ZeroKnights - Getting Started Exploit Lab](http://zeroknights.com/getting-started-exploit-lab/)
- [Google Drive File 1](https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing)
- [Google Drive File 2](https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing)
- [Google Drive File 3](https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing)
- [Corelan - Exploit Writing Tutorial Part 1: Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
- [wtsxDev - Exploit Development](https://github.com/wtsxDev/Exploit-Development/blob/master/README.md)
- [corelan - Corelan Training](https://github.com/corelan/CorelanTraining)
- [subat0mik - Journey to OSCE](https://github.com/subat0mik/Journey_to_OSCE)
- [nanotechz9l - Corelan Exploit Tutorial Part 1: Stack Based Overflows](https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb)
- [snoopysecurity - OSCE Prep](https://github.com/snoopysecurity/OSCE-Prep)
- [bigb0sss - OSCE](https://github.com/bigb0sss/OSCE)
- [epi052 - OSCE Exam Practice](https://github.com/epi052/OSCE-exam-practice)
- [mdisec - OSCE Preparation](https://github.com/mdisec/osce-preparation)
- [mohitkhemchandani - OSCE BIBLE](https://github.com/mohitkhemchandani/OSCE_BIBLE)
- [FULLSHADE - OSCE](https://github.com/FULLSHADE/OSCE)
- [areyou1or0 - OSCE Exploit Development](https://github.com/areyou1or0/OSCE-Exploit-Development)
- [securityELI - CTP OSCE](https://github.com/securityELI/CTP-OSCE)
- [Google Drive File 4](https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing)
- [Coalfire Blog - The Basics of Exploit Development](https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1)
- [Connor McGarr - Browser Exploit](https://connormcgarr.github.io/browser1/)
- [KaliTut - Exploit Development Resources](https://kalitut.com/exploit-development-resources/)
- [0xZ0F - Z0FCourse Exploit Development](https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment)
- [dest-3 - OSED Resources](https://github.com/dest-3/OSED_Resources)
- [Infosec Institute - Python for Exploit Development](https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/)
- [Anitian - A Study in Exploit Development Part 1: Setup and Proof of Concept](https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/)
- [Sam's Class - WWC 2014](https://samsclass.info/127/127_WWC_2014.shtml)
- [Stack Overflow - Exploit Development in Python 3](https://stackoverflow.com/questions/42615124/exploit-development-in-python-3)
- [CTF Writeups - Converting Metasploit Modules to Python](https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python)
- [PacktPub - Networking and Servers](https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8)
- [Cybrary - Exploit Development Part 5](https://www.cybrary.it/video/exploit-development-part-5/)
- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-an)
- [Offensive Security - OSED Exam Guide](https://help.offensive-security.com/hc/en-us/articles/360052977212-OSED-Exam-Guide)
- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)
- [YouTube - 0n3Li63PwnQ](https://www.youtube.com/watch?v=0n3Li63PwnQ)
- [epi052 - Windows Usermode Exploit Development Review](https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/)
- [PythonRepo - epi052 OSED Scripts](https://pythonrepo.com/repo/epi052-osed-scripts)
- [dhn - OSEE](https://github.com/dhn/OSEE)
- [PythonRepo - epi052 OSED Scripts](https://pythonrepo.com/repo/epi052-osed-scripts)
- [nop-tech - OSED](https://github.com/nop-tech/OSED)
- [Ired Team - ROP Chaining Return Oriented Programming](https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/rop-chaining-return-oriented-programming)
- [InfoSec Writeups - ROP Chains on ARM](https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e)
- [YouTube - 8zRoMAkGYQE](https://www.youtube.com/watch?v=8zRoMAkGYQE)
- [Infosec Institute - Return Oriented Programming ROP Attacks](https://resources.infosecinstitute.com/topic/return-oriented-programming-rop-attacks/)
- [dest-3 - OSED Resources](https://github.com/dest-3/OSED_Resources)
- [mrtouch93 - OSED Notes](https://github.com/mrtouch93/OSED-Notes)
- [wry4n - OSED Scripts](https://github.com/wry4n/osed-scripts)
- [r0r0x-xx - OSED Pre](https://github.com/r0r0x-xx/OSED-Pre)

### Reviews

- [YouTube - aWHL9hIKTCA](https://www.youtube.com/watch?v=aWHL9hIKTCA)
- [YouTube - 62mWZ1xd8eM](https://www.youtube.com/watch?v=62mWZ1xd8eM)
- [ihack4falafel - Offensive Security AWEOSEE Review](https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/)
- [LinkedIn - Advanced Windows Exploitation (OSEE) Review - Etizaz Mohsin](https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/)
- [Animal0day - Reviews for OSCP, OSCE, OSEE, and Corelan](https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html)
- [AddaxSoft - Offensive Security Advanced Windows Exploitation (AWE/OSEE) Review](https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/)
- [jhalon - OSCE Review](https://jhalon.github.io/OSCE-Review/)
- [YouTube - NAe6f1_XG6Q](https://www.youtube.com/watch?v=NAe6f1_XG6Q)
- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and)
- [kuhi.to - OFFSEC EXP301 OSED Review](https://blog.kuhi.to/offsec-exp301-osed-review)
- [epi052 - Windows Usermode Exploit Development Review](https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/)
- [SpaceRaccoon - ROP and Roll EXP-301 Offensive Security Exploit Development (OSED) Review](https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and/)
- [YouTube - NAe6f1_XG6Q](https://www.youtube.com/watch?v=NAe6f1_XG6Q)
- [LinkedIn - Offensive Security Certified Expert 3 (OSCE3) - Cristian Cornea](https://www.linkedin.com/posts/cristian-cornea-b37005178_offensive-security-certified-expert-3-osce3-activity-7006233011746709505-1WCG/)
- [NOP Blog - OSED](https://nop-blog.tech/blog/osed/)
- [Deep Hacking - OSED Review](https://deephacking.tech/osed-review/)
- [OSED Review – Navigating The Shadows](https://red.0xbad53c.com/training-reviews/offensive-security/osed)

### Labs

- [CyberSecurityUP - Buffer Overflow Labs](https://github.com/CyberSecurityUP/Buffer-Overflow-Labs)
- [ihack4falafel - OSCE](https://github.com/ihack4falafel/OSCE)
- [nathunandwani - CTP OSCE](https://github.com/nathunandwani/ctp-osce)
- [sufyandaredevil - OSED - Exploiting SEH Overflows](https://github.com/sufyandaredevil/OSED/blob/main/03_exploiting_seh_overflows.md)
- [firmianay - Life-long Learner - SEED Labs - Buffer Overflow Vulnerability Lab](https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md)
- [wadejason - Buffer Overflow Vulnerability Lab](https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab)
- [Jeffery-Liu - Buffer Overflow Vulnerability Lab](https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab)
- [mutianxu - SEED LAB - Buffer Overflow Attack](https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack)
- [INE - Windows Exploit Development](https://my.ine.com/CyberSecurity/courses/54819bbb/windows-exploit-development)
- [Connor McGarr - Browser Exploit](https://connormcgarr.github.io/browser1/)
- [Coalfire Blog - The Basics of Exploit Development](https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1)
- [Pentest Magazine - Exploit Development Windows](https://pentestmag.com/product/exploit-development-windows-w38/)
- [Steflan Security - Complete Guide to Stack Buffer Overflow (OSCP)](https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#:~:text=Stack%20buffer%20overflow%20is%20a,of%20the%20intended%20data%20structure)
- [Offensive Security - EVOCAM Remote Buffer Overflow on OSX](https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/)
- [Exploit-DB - Exploit 42928](https://www.exploit-db.com/exploits/42928)
- [Exploit-DB - Exploit 10434](https://www.exploit-db.com/exploits/10434)
- [OCW CS PUB RO - Lab 08](https://ocw.cs.pub.ro/courses/cns/labs/lab-08)
- [epi052 - OSED Scripts](https://github.com/epi052/osed-scripts)

## OSEE

### Content

- Bypass and evasion of user mode security mitigations such as DEP, ASLR, CFG, ACG and CET
- Advanced heap manipulations to obtain code execution along with guest-to-host and sandbox escapes
- Disarming WDEG mitigations and creating version independence for weaponization
- 64-Bit Windows Kernel Driver reverse engineering and vulnerability discovery
- Bypass of kernel mode security mitigations such as kASLR, NX, SMEP, SMAP, kCFG and HVCI

### Study Materials

- [Advanced Windows Exploitation (OSEE) Review – Etizaz Mohsin](https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/)
- [State of Exploit Development Part 2 – CrowdStrike](https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/)
- [BlackHat – Windows Kernel Exploitation (Video)](https://www.youtube.com/watch?v=pH6qocUEor0&ab_channel=BlackHat)
- [NCC Group – Windows Exploit Mitigations](https://github.com/nccgroup/exploit_mitigations/blob/master/windows_mitigations.md)
- [Sandbox Escapes Collection – TechnoHerder](https://hack.technoherder.com/sandbox-escapes/)
- [Zero Day Initiative – Kernel Exploitation (1)](https://www.youtube.com/watch?v=LUH6ZxYNJFg&ab_channel=ZeroDayInitiative)
- [Zero Day Initiative – Kernel Exploitation (2)](https://www.youtube.com/watch?v=NDuWcGn5hTQ&ab_channel=ZeroDayInitiative)
- [BlackHat – Bypassing Modern Windows Protections](https://www.youtube.com/watch?v=p0OaGMlBb2k&ab_channel=BlackHat)
- [VirtualBox E1000 0-Day](https://github.com/MorteNoir1/virtualbox_e1000_0day)
- [Palantir – Assessing Effectiveness of Defender Exploit Guard](https://blog.palantir.com/assessing-the-effectiveness-of-a-new-security-data-source-windows-defender-exploit-guard-860b69db2ad2)
- [ExploitGuard – Palantir GitHub](https://github.com/palantir/exploitguard)
- [Windows Classic Samples – Microsoft](https://github.com/microsoft/Windows-classic-samples)
- [How to Hook Windows API using C++](https://github.com/SofianeHamlaoui/Pentest-Notes/blob/master/offensive-security/code-injection-process-injection/how-to-hook-windows-api-using-c%2B%2B.md)
- [Windows API with Python](https://github.com/ndeepak-zzzz/Windows-API-with-Python)
- [Windows API for Pentesting – int0x33](https://int0x33.medium.com/day-59-windows-api-for-pentesting-part-1-178c6ba280cb)

### Reviews

- [AWEOSEE Review – ihack4falafel](https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/)
- [Advanced Windows Exploitation Review – Richard Osgood](https://www.richardosgood.com/posts/advanced-windows-exploitation-review/)
- [OSEE Review Video – David Alves](https://www.youtube.com/watch?v=srJ1ICC4ON8&ab_channel=DavidAlvesWeb)
- [My Offensive Security Journey – 0xInyiak](https://medium.com/@0xInyiak/my-offensive-security-journey-part-1-5ffbd66fe0c2)

### Labs

- [EXP-401-OSEE – BLACKHAT-SSG](https://github.com/BLACKHAT-SSG/EXP-401-OSEE)
- [OSEE – timip](https://github.com/timip/OSEE)
- [OSEE – dhn](https://github.com/dhn/OSEE)
- [AWE-OSEE-Prep – orangice](https://github.com/orangice/AWE-OSEE-Prep)
- [AWE-OSEE-Prep – matthiaskonrath](https://github.com/matthiaskonrath/AWE-OSEE-Prep)
- [OSEE – ihack4falafel](https://github.com/ihack4falafel/OSEE)
- [OSEE – gscamelo](https://github.com/gscamelo/OSEE)
- [3XPL01t5 – w4fz5uck5](https://github.com/w4fz5uck5/3XPL01t5)

## OSCE³ OffSec Resources

- [OffSec Courses Tools](https://www.kali.org/tools/offsec-courses/)

## Social Network

### [Joas Antonio - LinkedIn](https://www.linkedin.com/in/joas-antonio-dos-santos)
### [CyberSecurityUP - GitHub](https://github.com/CyberSecurityUP)
### [C0d3Cr4zy - Twitter](https://twitter.com/C0d3Cr4zy)

### [Filipi Pires - LinkedIn](https://www.linkedin.com/in/filipipires/)
### [Filipi Pires - GitHub](https://github.com/filipi86)
### [Filipi Pires - Twitter](https://twitter.com/FilipiPires)

--------------------------------------------------------------------------------