Corelan Training
Professional Exploit Development Training

FAQ

Topics:

Do you teach online classes? Or sell videos?

The short answer is no. But allow me to elaborate and explain why we took the decision to only teach in-person classes.

1. Quality

We care (more) about quality (than quantity).

Exploit development is a technical skill that requires a solid understanding of OS mechanism & tool mechanics, the development of a specific mindset and a strong will to persevere. Although there are a lot of guides, articles, tutorials, videos, books and papers out there that discuss exploit development related topics, we realize that it still can be intimidating and difficult to build the skills and mindset by using public information only. Not all public resources are accurate, not all public information is written with knowledge transfer in mind. Not everyone is able to gather the skills just by using the public information. If it worked for you, that’s absolutely great! If not, our in-person classes can certainly help as well!

We strongly believe that an in-person class has a number of important benefits:

  • You’ll get access to a trained and dedicated instructor, who is able to interact directly with you, one-on-one, and is able to see/sense if you understand the materials before moving on to a new topic.
  • Video technology works great, internet connectivity is a commodity in lots of places of the world… but things can still go wrong, affecting the overall pace of the class and quality of the training. We fear that an online class may not go as smooth as an in-person class. It might go well, it might not. But as we only have 3 or 4 days of class at our disposal, we simply don’t want to take the risk.
  • We have constructed our training materials in such a way that it allows us to find the right balance between sharing lots of details, without going too deep. Our classes are fast-paced. To ensure high quality knowledge transfer, our teaching style involves a lot of human interaction, impromptu whiteboard activity, demonstrations & visualizations. These things simply go better when everyone is in the same room.
  • An in-person class allows us to be flexible without jeopardising the overall timings. It provides the trainer with the ability to improvise, to adjust the pace, to change the narrative and pick different wordings to get something across. Being there in person allows the trainer to work with individual students directly as needed.

After all, we care more about making sure that you fully understand the materials than selling more classes. We probably would make more money by producing & selling videos., but that’s not our main driver. Our primary goal is to ensure our students get what they deserve: a top notch learning experience.

And yes, we love teaching :)

The Corelan brand represents quality.

Over the past decade, we have worked hard to build the courseware materials and to fine-tune our classes. We have built a blog (www.corelan.be) and shared tons of research for free. We have built and supported a community and continue to so do. We’re operating a slack channel that is open to the public. We’re proud of what we have built and achieved, and continue to put quality first.

We simply cannot guarantee a high-quality knowledge transfer by selling you a video recording or by forcing you to be part of an online event that limits our ability to interact, that undermines your ability to ask questions and speak freely, when you want, about anything you’d like.

Watching a video will never be the same thing as being part of a class, being challenged by the instructor, being forced to demonstrate that you fully understand the materials.

As a teacher, having the ability to look students in the eyes and build rapport, is an important tool to gauge how things are going, to detect issues, doubts, concerns and to make sure everyone feels at ease.

Quality is what we stand for. And we’d like to keep it that way. Seeing our students pick up on the materials and improve their skills makes us happy. If we do a bad job, we’re the only ones to blame. We simply cannot afford allowing a recording or videostream affect our reputation.

2. Online/video based training get leaked all the time.

We’re obviously concerned about keeping our courseware private and confidential. It took us more than 10 years to build the materials and to fine-tune our teaching methodology and scenario’s. We make a living teaching classes. It is our primary source of income. Unfortunately video-based classes often get leaked and shared on the internet, directly affecting the income of the people that sell this courseware.

Making money by teaching is not a crime. I encourage everyone to spend time doing research, putting a course together, finding students and teaching classes. It’s a great thing to do. And you can make money too.

Stealing someone else’s work, and illegally sharing (copyrighted) courseware is not so great. Aside from being illegal in certain countries, it is really disrespectful to the people that put in the effort to build the materials. People that share materials often use the “knowledge must be free” excuse. But in our case (exploit development): knowledge is already free. We have published tons of information on www.corelan.be and continue to fund the hosting of the website out of our own pocket. For free (for you. not for us). Building the courseware required a major investment (not free).

Anyway, we simply don’t have the resources to search for leaked materials all the time. We prefer to do research, to keep our courses up-to-date and to teach classes instead.

We’re trying to reach as many people as possible

1. Reasonably priced

Taking various parameters into consideration, we believe that our classes are reasonably priced. Of course you’ll find courses that are more expensive, and you’ll find classes that are less expensive. You may dislike paying for classes to begin with. Perhaps you don’t have the funds available to take one of our classes, or maybe you prefer to get video-based classes because those are often expected/considered to be less expensive… but in any case we’re confident that we’re offering top-notch materials at a fair and balanced price. If you’re not able to afford our classes, that’s ok. We can still support you in your self-learning process. Feel free to head over www.corelan.be and you can start learning exploit development right now, for free. Join our Slack workspace and ask questions. We’ll help you, for free.

If you’re fortunate enough to afford the funds (or if you have an employer that is willing to invest in your future), and if you prefer to learn in a classroom setting, get tips & tricks from an experienced exploit developer, and learn a ton of skills in just a few days, don’t hesitate sign up for one of our classes.

In addition to ensuring a high-quality learning experience, we also provide investment protection, unique in the industry. We don’t expect anyone to become a master at exploit development in just 4 days, and we realize that people may have questions after class… that’s why we provide after-class support. So, if you decided to take one of our classes, you’ll get access to a support platform (a private Slack channel) allowing you to ask questions (about the course materials).  For free, and without limitations. If you decide to invest in your future and take one of our classes, then we’ll help you out after class as well. 

2. We teach our classes at strategic locations, and we can travel to you as well.

It is our ambition to reach as many people as possible, so we decided to host classes at strategic locations across the world on a regular basis. We’re not doing remote classes, but we try to make it easier for you to attend one of our trainings.

  • Europe: BruCON Gent (Belgium) and Hack In Paris (France)
  • USA: Columbia, MD (in collaboration with CCST)
  • Middle East: Dubai (in collaboration with Hackers Academy)
  • Asia: Singapore (in collaboration with Infosec In The City)
  • Australia: Sydney (in collaboration with PwC and Beyond Binary)

If you are a company/organization/government entity and if you can bring a group of people together, we can come to you and teach the class in the comfort of a private setting as well.

Where/How can I sign up?

Our training schedules can be found here.
The schedules page shows all upcoming public and private classes.
For public classes, a link is posted to the corresponding registration page (provided that registration has opened and that we still have seats available.

Are your classes Corona-proof?

The health & safety of our students, trainer and everyone involved is of utmost importance.

While we all wait to get vaccinated, we take the following precautions:

  • Limited number of students (based on the dimensions of the class room) to ensure social distancing.
  • Ventilation of the room / air purifiers.
  • Face masks.
  • Hand sanitizers.
  • Trainer is PCR tested.
  • We encourage students to get a PCR test done in the days prior to the start of class.
  • If a student develops symptoms, we recommend to get tested (and to skip the rest of class).

3 days or 4 days? What’s the difference?

We prefer to teach our classes in a 4day format. Some people have commented that perhaps a 5day class would be even easier to process, but overall 4 days should be sufficient to get all the information across and to get you started. In the end, our classes are just a starting point. In order to get better at exploit development, you’ll have to get (a lot of) practise after class is done.

Most conferences/seminars, however, restrict the number of available days for training. Trainers typically get 2 days, sometimes 3 days to teach their classes. That’s why our classes at BruCON and Hack In Paris only take 3 days.

Rest assured, we teach exactly the same content. We just go a bit later in the evening. 

4 day classes typically start at 9am and end between 5pm and 6pm. In a 3day model, we start at 9am and usually end the first 2 days between 9pm and 10:30pm. The last day usually lasts until 6:30pm. In both models, it might be required to take some assignments home (homework) on the first/second day of class.

What is the right class for me? Bootcamp or Advanced?

We have created a one-page overview of both of our classes. You can find the document here.

Some highlights:

  • The Bootcamp is perfect for beginners. It starts from scratch and uses stack-based exploitation as a basis to learn all about processes, memory layout, the various tools and finally DEP bypass via ROP. You’ll need to have some experience writing python scripts, managing virtualization software, windows and linux. It would be great if you also have some basic experience using the Metasploit framework (msfconsole and msfvenom). If you took OSCE, then you’re ready for the bootcamp (not the advanced class). Even if you have some basic experience with stack based exploitation (based on information you found on the internet), it might still be a good idea to take our Bootcamp. You can find more information about the bootcamp here
  • The Advanced class requires practical experience with ROP, assembly and debuggers. The class is 100% about heap exploitation and focuses quite a bit on heap management, heap primitives and heap related corruptions. In addition to meeting the requirements for the bootcamp, you’ll need some experience writing javascript. It is not an absolute must to take the bootcamp prior to taking the advanced class, but in my experience people tend to overestimate how much they really know and understand about topics covered in the bootcamp, hindering their progress and understanding during the advanced class. So yes, I recommend taking the bootcamp before taking the advanced class. You can find more information about the advanced class here

    • Both classes cover a lot of topics in just 3 or 4 days. Make sure you are prepared, make sure to get a good night sleep before class begins.

When will you create a 64bit exploitation class?

Great question! In fact, both of our classes already include an introduction to 64bit exploitation, and during the Advanced class, I’ll indicate what techniques will work in 64bit (and which ones won’t), and what the available options/alternatives are. After taking my classes, you’ll understand what it takes to dive into 64bit yourself. In fact, both of my classes are designed to arm you with generic understanding and insights on how you can do your own research and what to look for.

Anyways, going back to the question: the main reason why I have not been able to build a full 64bit class yet is because there seems to be a lack of publicly available exploits for 64bit (userland) targets, that would be useful to teach generic knowledge. Then again, if you take both of my classes, you’ll already have a solid understanding of what exploitation looks like on 64bit and what you’ll need to do & look for.

Investment protection

Our courses are packed with years and years of knowledge, experience, and tons of exercises. We spare no efforts to make sure our students can get the most out of the class… but we also realize that there is only so much a human being can absorb in just a few days. Furthermore, it’s not realistic to expect to be an expert at exploit development after this class ends. You’ll need to put in a lot of practise to get more fluent at writing exploits. That means you may end up with questions and may need some guidance after the class ends.

We care more about quality than quantity, and we are committed to making sure our students really feel supported during class and after the class ends. This means we provide post-training support to all of our students. If you have taken the course and you still have questions afterwards, we will help. This support system is unique in the industry, and is a great way to protect your investment.

Designed by Corelan Consulting.