The Unofficial OSED Study Notes


These OSED Study Notes are not another recycled penetration testing summary pretending that exploit development is just “find overflow → run exploit → get shell.”

The material goes much deeper into the operational reality of modern Windows exploit development, where understanding assembly, memory corruption, debugging, shellcode construction, and mitigation bypasses becomes mandatory rather than optional.

The book repeatedly reinforces one core truth: OSED is not about using exploits; it is about building them manually under pressure.

The strongest aspect of these OSED Study Notes is that they bridge the massive gap between beginner buffer overflow tutorials and real exploit engineering.

Instead of stopping at simple EIP overwrite demonstrations, the material pushes directly into advanced exploit development concepts such as SEH exploitation, egghunters, DEP bypass, ROP chains, stack pivoting, island hopping, partial overwrites, shellcode encoding, bad character elimination, and mitigation-aware payload construction.

The notes also make it very clear that modern exploit development is fundamentally a debugging discipline.

WinDbg is treated as a battlefield environment rather than just a debugger, with workflows covering breakpoint management, register inspection, memory dumping, stack analysis, exception handling, and shellcode tracing.

Instead of blindly copying exploit chains from GitHub or relying entirely on Metasploit, the reader is forced into low-level reasoning and manual exploit construction. This is one of the few cybersecurity learning paths that genuinely punishes tool dependency and rewards operational understanding.

A major strength of these OSED exploit development notes is how they explain the anatomy of memory corruption from the ground up.

The workflow becomes systematic: crash the application, identify the offset using cyclic patterns, gain EIP control, redirect execution flow, analyze bad characters, locate reliable instructions like JMP ESP, then stabilize shellcode execution. Rather than presenting exploitation as “magic,” the book breaks exploitation into repeatable engineering steps that advanced penetration testers can reproduce across different targets.

The shellcode development sections are particularly valuable because they avoid the usual beginner trap of over-relying on payload generators. Instead of simply generating payloads with msfvenom, the material dives into how Win32 shellcode actually works internally, including API resolution, stack construction, opcode generation, null-byte avoidance, encoder limitations, position-independent execution, and handwritten assembly payloads.

There is heavy emphasis on understanding why shellcode behaves differently across operating systems and memory layouts, which is precisely the mindset shift required for real-world exploit development.

Another area where these OSED Study Notes stand out is mitigation bypass coverage. Many exploit development resources still teach techniques that collapse immediately once DEP, ASLR, SafeSEH, or CFG are enabled.

This book directly addresses that reality by introducing modern bypass workflows involving ROP chains, VirtualAlloc/VirtualProtect usage, gadget hunting, stack pivots, and constrained memory execution. The notes repeatedly reinforce that modern exploitation is no longer about finding a single vulnerable instruction; it is about controlling execution under hostile memory protections.

The egghunter and constrained-buffer sections also reflect a much more realistic exploitation mindset than most public tutorials. Instead of assuming large clean buffers, the notes explain how attackers deal with fragmented payloads, restricted memory space, corrupted characters, and unstable jumps.

Table of Contents

Foundations

  • About OSED (EXP-301)

  • Core Mindset Shift

  • Core Technical Domains

  • Reverse Engineering Discipline

  • Payload Restriction Tracking

  • Exploit Script Discipline

  • Exam Operational Strategy

  • Reporting Discipline

Assembly & Low-Level Internals

  • x86 Assembly Mastery

  • x86-64 Architecture

  • Registers and Calling Conventions

  • Control Flow and Memory Layout

  • Stack Internals

  • Portable Executable (PE) Format

  • PE Headers and Sections

  • Import Address Table (IAT)

  • Export Address Table (EAT)

  • Global Offset Table (GOT)

  • Return-Oriented Programming (ROP)

Debugging & Reverse Engineering

  • WinDbg Operational Mastery

  • Breakpoints and Register Inspection

  • Memory Dumping

  • Exception Analysis

  • IDA Workflow

  • GDB and PEDA Usage

  • pwndbg Workflow

  • Decompilers and Decompiled Code Conversion

Exploit Development

  • Stack-Based Buffer Overflows

  • Finding Exact EIP Offsets

  • Bad Character Analysis

  • Working with Small Buffers

  • Partial Overwrite Techniques

  • Island Hopping

  • JMP ESP Discovery

  • NOP Sleds and Stack Alignment

  • SEH Exploitation

  • Egghunter Shellcode

  • Heap Overflow Fundamentals

  • Use-After-Free (UAF)

  • DEP Bypass

  • ASLR Bypass Thinking

  • ret2libc

  • ret2dlresolve

  • RET2GOT

  • Stack Pivoting

  • Gadget-Based Exploitation

Shellcode Development

  • Win32 Shellcode from Scratch

  • Dynamic API Resolution

  • Null Byte Avoidance

  • GetPC Techniques

  • MessageBoxA Shellcode

  • WinExec Shellcode

  • Payload Encoders

  • Alphanumeric Encoding

  • Shellcode Extraction

  • NASM Workflows

  • Opcode Generation

Automation & Operational Discipline

  • Python Exploit Automation

  • Socket Fuzzing

  • Crash Detection

  • Bad Character Automation

  • Gadget Extraction

  • Modular Exploit Infrastructure


Who Is It For?

OSED / EXP-301 Students

If you are preparing for OSED, this book compresses a large amount of operational exploit development knowledge into a single structured workflow.

The material directly targets:

  • WinDbg usage

  • Shellcode construction

  • SEH exploitation

  • ROP chains

  • DEP bypasses

  • Reverse engineering discipline

  • Payload debugging

  • Manual exploit development

OSCP Holders Transitioning Into Exploit Development

Many students discover that OSED is fundamentally different from OSCP-style exploitation.

OSED rewards:

  • Precision

  • Low-level reasoning

  • Debugging endurance

  • Manual exploit construction

  • Adaptation under restrictions

It does not reward:

  • Copy-paste exploitation

  • Blind tool dependency

  • Surface-level reversing

This book bridges that transition.

Malware Analysts & Reverse Engineers

The PE internals, assembly analysis, stack manipulation, and debugging workflows are directly useful for malware analysis and reverse engineering.

Security Researchers

Researchers exploring:

  • Memory corruption

  • Exploit primitives

  • Mitigation bypasses

  • Shellcode engineering

  • Low-level debugging

will benefit from the structured workflows included throughout the book.

Cybersecurity Students Seeking Real Low-Level Skills

If your current learning path feels too theoretical, this book forces direct interaction with:

  • Memory

  • Registers

  • Calling conventions

  • Control flow

  • Payload execution

  • Exploit reliability

OSED Review

OSED is one of the most mentally demanding certifications in offensive security.

The exam is less about memorization and more about operational resilience under technical pressure.

Students who fail usually struggle with:

  • Debugging fatigue

  • Poor WinDbg workflow

  • Weak assembly understanding

  • Inconsistent exploit scripting

  • Lack of payload discipline

  • Inability to reason through mitigations

These OSED notes were written specifically to reduce those failure points.

The book repeatedly reinforces:

  • Stack understanding

  • EIP control

  • SEH workflow

  • ROP reasoning

  • Register tracking

  • Shellcode debugging

  • Memory inspection

  • Exploit scripting discipline

Unlike shallow certification summaries, the material pushes readers toward deterministic exploit reasoning.

The strongest aspect of the book is its operational focus.

Readers are shown not only what to type, but also:

  • why the exploit works

  • why the payload fails

  • how mitigations alter execution flow

  • how registers mutate during execution

  • how shellcode interacts with memory

  • how to recover from unstable crashes

The result is a far more realistic preparation path for exploit development.

Access The Book

https://buymeacoffee.com/notescatalog/e/539777

The author

Motasem Hamdan

I'm a cybersecurity practitioner, technical writer, and content creator who got tired of resources that treat readers like beginners forever.

My notes are built the way I wish someone had built them when I was grinding through certs and CTFs — methodology-first, practitioner-grade, and structured for how analysts actually think on the job.

Over 62,000 people on YouTube follow along. Thousands more read on the site every month. These aren't notes for passing an exam and forgetting everything — they're references you'll keep coming back to.
