
Congrats on the OSED Certificate!

In this blog post, we speak with Óscar Uribe, one of our Security Analysts, who is about to complete two years with Fluid Attacks. We congratulate him on his achievement: obtaining the Offensive Security Exploit Developer (OSED) certification.

The OSED is a certification granted by Offensive Security. Holding the OSED attests that the person has “the skills and expertise necessary to bypass basic Windows security mitigations using custom exploits.” In this light, the OSED is an intermediate exploit development certification. To obtain it, the candidate must pass an exam that starts “with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.”

With that context in mind, let's talk with Óscar to learn more about the certification, the exam and how he studied for it.

Figure 1. EXP-301 course logo by Offensive-Security

Interview

On the Offensive Security page, they recommend taking the EXP-301
course. Did you take it to prepare yourself for the exam?

  1. Yes, it is necessary to take the course in order to obtain the
    certification.

Did you think the EXP-301 course was enough as a preparation course?

  1. The course met my expectations. All the issues are explained in
    great detail. The course begins by explaining basic topics and as it
    progresses, it goes deeper and deeper into new techniques.

  2. When you do the course, you have access to a laboratory where you
    can put into practice and reinforce the knowledge that you have
    obtained.

What does the Windows User Mode Exploit Development course consist of?
Why did you decide to take it?

  1. The course is aimed at exploiting vulnerabilities in Windows
    operating systems. It focuses, mainly, on memory corruption
    vulnerabilities such as Buffer Overflows and techniques for
    bypassing security mitigations.

  2. I decided to do the course because I am very passionate about things
    at a low level within operating systems. I want to understand how a
    program works and how it can be abused by an attacker to compromise
    a system.

The exam takes 47 hours and 45 minutes plus 24 hours to submit the
documentation.

How do you prepare for such a long exam?

  1. Usually, Offensive Security certifications are very long. That means
    you must always be prepared for a long day. So it is important to
    take breaks from time to time to have a clear mind and not feel so
    exhausted.

  2. During the preparation, I had long study days trying to simulate how
    the exam would be. This helped me to be prepared.

How did you manage the time they gave you?

  1. I divided the 48 hours into equal parts. This is the time I set out
    to use at most for each exercise. And I established that I would
    move on to the next exercise in the event that I ran out of time.

  2. Once the exam began, I dedicated myself to understanding what they
    asked me to do in each exercise and what requirements I should take
    into account for the documentation.

  3. During the exam, every two hours, I took a small break to clear my
    mind. It is important to take these short breaks so you don’t feel
    so exhausted with each exercise. You also have to take hours to
    sleep because the day is very long and the time you have scheduled
    is enough to perform the exercises and get rest.

The exam asks you to be familiar with debuggers (ImmunityDBG, OllyDBG) and basic 32-bit exploitation concepts, and to be comfortable with Python 3. Do you think these are sufficient requirements, or would you add other skills to be prepared for the exam?

  1. The course begins by explaining the 32-bit architecture. Then
    Offensive Security explains how WinDbg, the debugger used, works. If
    you’re familiar with these concepts, it will allow you to better
    understand and move faster during this part.

  2. On top of that, it would be valuable to understand how a Buffer
    Overflow works. And finally, it would be nice to have a basic
    knowledge of Reverse Engineering.

Tell us a bit about your experience at the time of the exam.
How did you feel before and during the exam?

  1. Before the exam, I was a little nervous because I don’t have much
    experience doing Reverse Engineering, which is an essential part of
    the exam. But it is also important to clarify that the course
    material is sufficient to pass the certification.

  2. The exam is a roller coaster of emotions. There are moments
    when you feel bad because you have not advanced for a while, but
    then you find something that you had missed and that allows you to
    move forward. When that happens, you get a boost of encouragement
    and confidence to continue with the exam.

How were your preparation days?

  1. The course lasted two months in which I had access to the
    laboratory. During this period, I studied every day from 2 to 4
    hours after work. When this time ended, I started studying by
    replicating my own exploits in ExploitDB. After that, I
    continued with a routine like the previous one: two to four hours of
    work.

Did the pandemic change anything about the way you took this exam
compared to others you’ve taken?

  1. No. Every certification that I have taken has been during the
    pandemic, so there is no change. On the contrary, I think the
    pandemic gave me more time to study.

What was the hardest part of the exam? And how did you respond to
that?

  1. For me, the most challenging thing about the exam was the part of
    finding the vulnerabilities using Reverse Engineering. Since I knew
    it would be difficult, I practiced a lot how to reverse
    applications with already known vulnerabilities.

Will you have to take any certificate renewal exams?

  1. No, none of the Offensive Security certifications expire. It is
    enough to get them once.

Any tips for preparing for this particular exam?

  1. I would recommend that before starting the course, you study
    Reverse Engineering, Buffer Overflows and techniques to exploit
    them, because the better these topics are understood, the better
    your performance will be during the exam and the course.

What’s next after this certification?

  1. After this certification, I want to take the OSEP. Suppose
    someone obtains the OSWE, OSED and OSEP certifications. In that
    case, they are given a new certificate called OSCE3, which replaces
    the OSCE that was withdrawn the previous year.

Thank you so much, Óscar, for taking the time to share your experience with the OSED certification.

We at Fluid Attacks are very proud of Óscar’s achievement! We do not stop in our mission to offer the best red team to our clients. That’s why we are constantly facing new challenges and strengthening our ethical hacking skills.

If you want to know more about the certifications that the members of our red team have obtained, you can follow this link.

Contact us if you want our red team to search for complex vulnerabilities in your software. Or enjoy our current offer of a 21-day free trial of security testing with our automated tools. You can upgrade at any time to include red team operations.

*** This is a Security Bloggers Network syndicated blog from Fluid Attacks RSS Feed authored by Felipe Zárate. Read the original post at: https://fluidattacks.com/blog/osed-certification/