In this article, you will find relevant information and answers to questions related to EXP-301 course exam.
- Exam tour
- Where can I find the exam guide?
- How do I know if I'm ready to take the exam?
- How do I schedule my certification exam?
- What is the exam retake policy?
- How do I know what the goals of the exam are?
- How do I get points on the exam?
- How many points do I need to pass the exam?
- Do I get points for partial solutions?
- Can I submit an exercise report for bonus points?
- Is reverse engineering part of the exam?
- Is fuzzing part of the exam?
- Do I need to include code and screenshots in the exam report?
- Do target machines contain a flag?
- What is required as documentation for flags?
- Are there assignment dependencies in the exam?
- Can I revert machines during the exam?
- If I get stuck on one assignment can I still complete the exam?
- Do I need a local VM for development during the exam?
- Can I write my exploit in a language that is not Python3?
- Can I use a debugger that is not WinDBG?
- Can I use a disassembler that is not IDA free?
- Can I use plugins for WinDBG?
- Can I use exploit writing frameworks?
- Can I download exam binaries to my local system?
- Can I use Discord during the exam?
- How do the challenge labs compare to the exam?
- If I fail and retake the exam will I get the same exam machines?
- Can I appeal my exam result ?
- May I request feedback on the exam?
- What information is available about exam proctoring?
Watch this video for a quick overview on the exam process, from scheduling to submitting your exam report.
This video was current as of October 2022. As we continue to improve the Learning Library, slight modifications in the interface or functionality may appear.
Have more questions? Check the frequently asked questions below.
The OffSec Exploit Developer (OSED) certification exam simulates a live network that contains several vulnerable systems. You need to exploit these machines and provide proof of exploitation. You will have 47 hours and 45 minutes to complete the challenge itself and a further 24 hours to submit your documentation.
The OSED exam guide is available at the following link: OSED Exam Guide
This is, of course, a very difficult question to answer. At a minimum, we recommend that you understand the majority of the concepts taught in the course and complete the challenge labs.
You can schedule your exam using the link that was provided to you in your welcome pack. If you’re unable to locate it, please contact our Orders department and they will be happy to re-send it to you. Using the scheduling link, you are able to determine when there is a free slot in our exam lab, allowing you to select a date that suits you.
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
Once your exam starts, you will get access to the control panel. On the control panel, you will find three assignments with instructions on how to solve them.
Points are awarded by solving exam assignments.
The exam can be passed by solving at least two out of three assignments.
No, only solutions that fully solve the assignment provide points on the exam.
No, it is not possible to obtain any bonus points on the OSED exam from completing the course exercises.
Yes, reverse engineering to locate vulnerabilities is part of the exam.
No, all vulnerabilities are meant to be located through the use of reverse engineering.
You should include enough information in the exam report so our graders can replicate your steps. This includes explaining your code as well as all exploitation and reverse engineering steps.
Yes, for assignments that require you to write an exploit, you must obtain a proof.txt from a target machine through a remote shell. Some assignments will not require the collection of proof.txt.
In the exam report, you must include a screenshot of the flag in its original location by using the type command. You must also include the output of ipconfig.
No, the three assignments are independent of each other.
Yes, you can revert the exam machines through the control panel.
Yes, it is possible to pass the exam by solving two out of three assignments.
As part of the exam, learners will have to write exploits and perform parts of reverse engineering on their local Kali Linux VM. A debugging VM will be provided in our VPN network.
No, all exploit code must be written in Python 3, which is also detailed in the exam assignments. This is to facilitate the grading process.
No, you must use WinDBG in the exam. WinDBG Preview is permitted, but it will not be installed on the exam machines nor supported by our Student Admins. This is to facilitate the grading process.
No, you must use IDA Free. The professional version of IDA and any other disassembler not allowed.
Yes, you may use any custom or open source WinDBG plugin or extension, but you must be able to fully explain what it does and how it works as part of your exam documentation. Note that the exam assignments can be fully solved with the tools and techniques taught through the course, so no additional plugins or extensions are required.
Exploit writing frameworks like pwntools or mona in WinDBG are allowed in the exam. Note that the exam assignments are created in such a way that it is unlikely that they will provide any assistance.
No, you may not transfer or download any exam-related files from the provided development VM, unless specifically stated in the exam assignment. In the cases where it is allowed, the exam-related files must be deleted at the end of the exam.
While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform. This includes but is not limited to, asking for help, sharing exam-related information, or discussing any aspect of the exam with others.
The challenges in the EXP-301 labs train most of the concepts that are tested in the exam.
The OSED exam consists of a pool of exam sets. The exam sets are assigned at random, so there is no guarantee you will receive the same exam set on a retake.
Learners who wish to address any concerns or seek clarification regarding their results can initiate an appeal through our Challenges Department. To initiate an appeal, please contact us via email at "challenges AT offsec DOT com"
Upon receiving your appeal, our team will conduct a diligent review of your results. We understand the significance of a timely response, and we commit to providing you with an update promptly after we have reached a final decision on the matter. Please note that we strive to complete the review process within a maximum of ten (10) business days.
Certainly! You can request an exam feedback should you have provided your exam report with us and have insufficient points. Please contact us via email at "challenges AT offsec DOT com" and we will provide you with feedback within 10 business days.
All OSED exams are proctored. Please make sure to read our online FAQ.