Offensive Security Advanced Windows Exploitation (AWE / OSEE) Review

Modern Warfare Students vs Trainers 0x2

the reason why I’m writing this post is due to the lack of reviews I found online about AWE course offered by offensive security. If you look up for OSCP or OSCE they are plenty but not so much for OSEE/AWE. If there is something I learned from hacking cons is that you can contribute to the infosec world by creating any kind of helpful material for other people (refer to the hacker manifesto); hence I decided to contribute to the infosec world in my own way too.

a little background:
To be honest it took me quite some energy and time to even get into this course due to its high demand and lack of availability. Fast forward I was sitting with almost other 30 students in Blackhat 2018 fronted by the offsec staff to teach us some exploitation black magic; and oh boy was it black magic…

the 4 days of pure pain, loss, and confusion:
There was no time to waste at all; we extended our class hours by 1 hour each day shrinking lunch time and breaks in a hope to absorb as much material in those 4 days as possible, and boy did we fail.

The inspiration:
What kept me so interested and motivated during those 4 days was:

    my absolute love for exploit development.
    The fact that everything I googled led me to Google Project Zero
    The fact that the blackmagic tricks I always saw in the big hacking talks were finally unveiled to me and it was no black magic anymore.
    Ok and maybe I did dream of exploits for 4 nights during this class. Don’t judge me?

day 1 + day 2
Flash 0day bypassing DEP, ASLR, and Sandboxes. Then obviously getting SYSTEM through another 0day.

day 3
0day in Edge browser bypassing all kind of Microsoft sandboxing and security measures for its luxurious new browser “edge” (hardcore af)
I was so lost here due to the amount of information that was thrown at me, and I was not alone. Everyone was lost, and this is normal.

day 4
Kernel (aka ring 0) exploits. Get ready to be friend with blue screen of death because you’re at the core here.

day ∞
after the 4 days; and 4 nights of dreaming of exploits I completely forgot about 80% of the material; which is again “normal”
Now that I have time to self study I will go through the material and study it a bit by bit learning on each step and bang my head on each fail (offsec style…)

– This class gets sold out in blink of an eye, do not wait and be a hacker to get it (use a script / bot to alert you when registration is open)
– If you’re flying from distance and you will be jet lagged – do some planning how to manage that (this was the hardest part to cope with)
– try to get connected with everyone in your class; you will probably need them! (this is a call for you; join our discord server for AWE here)
– get familiar with WinDBG; I learned a lot from this serie on youtube.

good luck, lol.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

This site uses Akismet to reduce spam. Learn how your comment data is processed.