Besides hosting private classes at my own Corelan Academy in Belgium myself, I work with external partners to host public trainings worldwide. These partners handle student registration, payments, invoicing, venue logistics, and they typically provide their own registration website.
You can find all upcoming dates, locations and registration links on the Training Schedule page. Simply click the training event you're interested in and following "Register" link to sign up for that particular class.
If you're interested in hosting a private training , this can be arranged either at the Corelan Academy (for small groups up to 8) or on-site at your company (for medium to larger groups, please contact me.
While Corelan Stack does introduce the basics of assembly and the general use of debuggers , it's definitely helpful if you already have a first exposure to x86 assembly. You can use this free guide on Assembly Language to get started. (Start at chapter 1.3 Assembly Language). You don’t need to be an expert—having a rough idea of what assembly looks like and what’s going on under the hood is more than enough.
That said, don’t stress if this feels intimidating or if you haven’t had the time to self-study beforehand. We cover everything that’s needed during the class, and even students with no prior assembly experience are able to follow along and succeed.
In practice, having a programming mindset matters more than knowing assembly upfront. Being comfortable reasoning about code, data flow, and program behavior is a much stronger foundation.
Concretely, you should be able to read and write basic Python scripts and understand very simple C/C++ code, for example code snippets demonstrating the use of functions such as strcpy() or memcpy().
Additionally, you should be comfortable managing your Windows and Linux VMs. Some basic experience with Metasploit (msfconsole / msfvenom) would be a great help as well.
You can read more about the prerequisites for Corelan Stack here
For Corelan Heap, I'll assume you already have practical hands-on experience with debuggers (WinDBG would be ideal), python and assembly, and that you understand Windows memory layout & management mechanisms, as well as practical experience with the stack, stack exploitation and Return Oriented Programming. You must be able to construct ROP chains by yourself and troubleshoot if a ROP chain does not work.
If you need a refresher on the basics of using WinDBG, check out this post on the Corelan Research Blog.
Would you like to push your WinDBG skills even further (i.e. even beyond the scope of Corelan Heap), check out this post (and other posts in the same series) on the Corelan Research Blog as well.
You can read more about the prerequisites for Corelan Heap here
Get some sleep before class, and don't make any evening plans during the Training. Some days will be longer than others, there might be some homework... and of course the training is intense and will require you full focus and attention 😊
Feel free to already join our Discord server. If you have any questions regarding the training or while setting up your lab environment, feel free to drop them in the #corelan-training channel.
Short answer: No
Corelan trainings are in-person only — by design.
Here's why:
Exploit development is a deep technical skill that requires more than passive consumption. It demands interaction, feedback, mindset development, and persistence. While there is plenty of public information available (including years of free research we’ve published on www.corelan.be), many people benefit from direct guidance, real-time feedback, and hands-on coaching — things that simply work better in a physical classroom.
We deliberately choose in-person training because it allows:
✅ One-on-one interaction with a dedicated instructor. Not just any instructor, but Peter himself (who built the class materials and did research)✅ Continuous feedback and pace adjustments based on student understanding✅ Live demonstrations, whiteboard explanations, and spontaneous deep dives✅ A fast-paced but flexible teaching style without technical disruptions✅ Direct validation of understanding — not just passive consumption.
In an in-person setting, concepts aren’t just explained — they are verified.
When you read a book or PDF, you interpret the material through your own lens. Misunderstandings can go unnoticed. Subtle mistakes in reasoning can persist. You might think you understand a concept, while missing a critical nuance that makes the difference between "control" and "luck". When you read a book or watch a video, you receive a fixed version of the material. The words were written once. The explanation was recorded once. If it doesn’t click for you in that exact form, you’re on your own.
In the classroom, those limitations don't exist.
We can see hesitation. We can see confusion. We can ask the right follow-up question. We can challenge assumptions. We can verify that you truly understand why something works — not just how to reproduce it.
If something doesn’t land, Peter can immediately reformulate. He can switch angles. Use a different analogy. Draw it on the whiteboard. Step through it in the debugger again. Slow down. Go deeper. Or approach the same concept from a completely different direction.
That dynamic adjustment simply isn’t possible with pre-recorded content.
Exploit development is not about replaying information. It’s about truly understanding what is happening under the hood — and being able to reason about it.
And that level of adaptive teaching only happens face-to-face.
Our priority is quality over scale .
Selling videos or running online classes would likely reach more people — and make more money — but it would compromise the learning experience we stand for. Watching a video is not the same as being challenged, questioned, guided, and coached in real time.
There’s also a practical concern: video-based training leaks .
Our courseware represents more than a decade of work and is our primary livelihood. We prefer to spend our time improving the courses and teaching, not chasing pirated material.
That said, we still aim to be accessible:
✅ Our classes are very reasonably priced for the depth and support provided. The combination Stack + Heap is the least expensive in the market.✅ We continue to host free research and learning material on corelan.be. Our material has inspired other trainers and classes (so why don't you learn from the source directly)✅ We support the community via public and private Discord channels✅ Students get unlimited after-class support, free of charge
We teach at strategic locations worldwide and can also travel to you for private trainings.
Corelan stands for quality. To guarantee a top-tier learning experience — and protect it — we teach in person.
First and foremost, I believe it is important to try to keep my classes affordable.
Given the context of high-quality in-person training, we're offering the combination Stack+Heap (covering all of Windows Userland) at a very competitive price, below what our most important competitors charge. Nevertheless, I am also aware my classes may still be too expensive for some of you. That's why I have a ton of free learning resources on www.corelan.be, as well as a Discord server where people can join and ask questions for free.
As indicated here, there are 3 ways to take a Corelan class.
TL;DR: YES!
Starting summer of 2016, we open the doors of the Corelan Academy (Harelbeke, Belgium) to small groups of students (actively enrolled in a real school and not professionally employed).
The initiative is called Corelan Summercamp, and it allows student to take Corelan Stack at a significantly reduced rate. (57% discount)
The honest answer: maybe — but I can’t know for sure.
Corelan Heap assumes that you are already comfortable with stack exploitation fundamentals. That doesn’t mean you need to have taken Corelan Stack specifically, but you should be genuinely fluent in the basics.
In practice, this means you should be able to:
👉🏼 Build and debug ROP chains 👉🏼 Read and reason about assembly code 👉🏼 Use debuggers (ideally WinDbg.) confidently and efficiently 👉🏼 Understand calling conventions, stack frames, and memory layout without hesitation
If that sounds natural to you, you may be ready.
That said, experience has taught me a few important things:
💁🏽 Taking a stack class elsewhere does not automatically mean your stack knowledge is solid nor accurate 💁🏼♀️ Many students only realize during Corelan Heap that their understanding of stack exploitation has gaps 💁🏾♂️ It is not uncommon for students to take Corelan Stack after Corelan Heap to strengthen their fundamentals
You are absolutely welcome to take Corelan Heap directly.
Some students do, and succeed.Others discover along the way that revisiting stack exploitation — especially from Corelan’s perspective — significantly improves their overall understanding. Even if you already took a stack course elsewhere, Corelan Stack often still adds value. Our approach focuses on why things work, not just how to make an exploit run, and many students report learning new concepts, mental models, and debugging techniques they hadn’t seen before.
Also important to know: ✅ CCED (Corelan Certified Exploit Developer) requires both Corelan Stack and Corelan Heap ✅ Corelan Heap builds on concepts introduced and reinforced in Corelan Stack ✅ Strong fundamentals make advanced heap exploitation far more effective and enjoyable If you’re unsure, the safest path is simple: Strong stack fundamentals first, then heap. If you’d like advice tailored to your background, feel free to contact me — I'm happy to help you make the right choice.
No. There is no subscription, no recurring fee, and no hidden cost.
After completing a Corelan training, you automatically receive access to free post-class support. This support is included in the price of the training and does not require additional payment.
You will get access to a private support channel in our Discord server, where you can:
Ask questions about the course material
Clarify concepts after revisiting the labs
Discuss issues you encounter while practicing or applying the techniques
Get guidance from the same instructor who taught the class
There are:
No support credits
No time limits
No paid “advanced” tiers
This model is uncommon in the industry, where post-class access is often limited, time-boxed, or moved behind a subscription. We deliberately chose not to do that.
Exploit development is not something you master in a few days. Real learning continues after the class, and questions often arise once you start experimenting on your own. We expect that — and we support it.
If you take a Corelan class, we stay involved. Our goal is not just to teach the material, but to make sure you understand it and can actually use it.