OffSec 301: Windows User Mode Exploit Development
At the beginning of the 301 website, it says: “OffSec’s Windows User-Mode Exploit Development (EXP-301) course provides a comprehensive understanding of modern exploit development techniques.” I’m currently on module 6 “Overcoming Space Restrictions: Egghunters” and up until now there is no content about 64-bit binaries. I understand that starting with 32-bit architecture is necessary to build a strong foundation. However, focusing only on 32-bit architecture does not align with the promise of providing a ‘comprehensive understanding of modern exploit development techniques’.
This course is designed for beginners in Windows exploit development, which is why it starts with 32-bit binaries and basic buffer overflows. Also, since kernel debugging isn’t covered in this course, I don’t think WinDbg was the best choice. I realize that to develop really advanced exploits you will need to be proficient in using WinDbg, but here you are just starting. I believe the learning curve would be easier if the course had adopted x32dbg instead.
One major downside of 301 is that you have to use RDP to access the target Windows machine to be able to follow along with the content and exercises. Even with a good internet connection, RDP does not offer the same experience as having a local VM. It feels limiting and slows down the workflow. In contrast, MalDev Academy and SANS provide local Virtual Machines, which I find much more efficient.
To be fair, aside from the lack of 64-bit content, the material is very good. I appreciate the fact that the material is available in text and in video format. I usually follow the text content, but if I find something that I do not fully understand, I watch the video and that usually helps.
SANS 660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
Let’s be completely honest: this is a VERY expensive course, which makes the expectations high. I have done many other courses from SANS, and although my opinion here is focused on the 660 course, most of it is applicable to the other courses.
Unlike OffSec 301, SANS 660 provides all the necessary Virtual Machines and materials. Now, it’s much better since the materials are in PDF format. Before COVID, they only provided printed copies. I did this course last year and did not take the GIAC exam. Now I’m reviewing everything and redoing the exercises to fully understand the content—some of which overlaps with 301—while also preparing for the GIAC. I can do this because I have all the materials stored on my laptop.
I understand the business logic of separating SANS courses from GIAC certifications—though I don’t like it. However, the additional cost for video recordings seems excessive. While SANS provides MP3 recordings of the classes, they aren’t enough for a course like this. What would be really useful is having access to the videos, which you can have if you pay an extra $1,000. Really, SANS? Couldn’t the videos be included in the already high-priced course?
Unlike the 301, 660 includes content on 64-bit exploitation. But even so, there are two issues that should be addressed. First, they use Immunity Debugger, which was last updated in 2020 and requires the (extremely) outdated Python 2.7. It’s hard to believe this is a tool actively used nowadays. Lastly, although there are some explanations about 64-bit applications and the differences from 32-bit, the exercises are all based on 32-bit applications.
One improvement SANS could consider is providing support for Macs with Apple Silicon. I understand the technical challenges, but as Apple Silicon Macs become more common, this support would be a valuable addition. In the United States, surveys indicate that macOS currently has a 23% market share in enterprise environments.
The instructors were excellent and clearly have years of experience in the field. The instructor Stephen Sims has a YouTube channel that I strongly recommend.
MalDev Academy
This is by far the most interesting and fun course I have ever done.
The course site says that, as a prerequisite, it is necessary to have some knowledge of C programming. I have wanted to enroll in the course for a couple of years, but I thought I didn’t have enough experience with C. I have tried to learn C before but always found the materials very boring; I couldn’t see the value in them. Then I found the “C Programming for Everybody” on Coursera and the module “Learn Memory Management” from Boot.dev. Doing those courses really helped me prepare for MalDev Academy. If you lack experience in C, I highly recommend doing those courses first. I may be wrong, but from what I have seen I believe the most important thing is understanding structs, pointers, and how memory management works.
The first modules of the course give the foundational knowledge necessary to understand more complex topics. Take your time to fully understand Windows Architecture, Windows Memory Management, Windows processes, etc. And trust me, you really need to become best friends with Structs and Pointers. The entire course is text-based. I think that works most of the time because the content is very well explained. However, I believe it would be very beneficial to have videos for some complex topics, like encryption. The provided Virtual Machine has everything you need to complete the course.
I’ve completed half of the main modules, and every day I look forward to starting the next one.
Anxiety
Learning cybersecurity is exciting, but it comes with a great deal of anxiety. There’s so much to learn, and at times, I feel overwhelmed—sometimes because I think I’m not learning fast enough, and other times because I worry I’ll never fully understand certain topics.
To manage this, I’ve shifted my focus from results to process. Instead of setting rigid daily learning goals, I block time for each course and focus only on the material during that period. This has helped reduce my anxiety, but it’s still something I struggle with.
I’m curious—do other cybersecurity learners feel the same way? How do you handle it?