Corelan Heap doesn't just dive deep into the Windows heap, it teaches you how to do your own heap research. It covers precise heap manipulation (including Corelan's Memorigami), heap exploitation and the research of heap exploitation primitives and information leak strategies across a wide range of bug classes. Stuff that works on 32bit and 64bit. Widely regarded as the most advanced class on building a universal, research-driven understanding of heap management, heap exploitation and information leak strategies.
Understanding Heap managers through research and experimentation
Precise control over heap memory layouts. From Spraying to Memorigami
Solid techniques and strategies across bug classes. 32bit and 64bit
Reliable strategies to disclose memory layouts and bypass ASLR
Your browser does not support HTML5 video.
I came into the class feeling underprepared. I had no clue what LFH, FEA or BEA stood for, let alone what they did. In part, this was due to a lack of online resources for understanding the Windows Heap. The ones that did exist were either intimidating whitepapers, or very old guides. That’s not to say they weren’t good. In fact, Peter Van Eeckhoutte has written some great free resources. However, I knew I couldn’t get a good understanding of the Windows Heap solely relying on them, so I signed up for Peter’s class with VERY high hopes – that somehow, in a mere 4 days, he could teach me the Windows Heap up to a point where I could continue on my own.
Peter not only met my expectations, he THOROUGHLY exceeded them.
Peter is the rarest kind of teacher I’ve met: Someone with world-class expertise, a great knack for teaching, yet still down-to-earth. In REALTIME, I felt myself going from “What IS the LFH?” to “This makes so much sense!”; the whole time, realizing that reaching this level on my own, would have taken YEARS.
Not only is Peter sharp – he answered any questions I had without missing a beat, he’s also transparent in sharing the mistakes he made during his own research so WE could avoid them. In a world where complex findings are often presented as effortless, learning that Peter’s expertise did not stem from natural-born talent, but rather solitary persistence over 15+ years was a breath of fresh air.
I learned what subsystems make up the Windows Heap Manager, how they work, and what attacks I could perform on Win7 up to the latest build of Win11. More importantly, I learned a GENERIC methodology to use when doing my own research in future Windows versions. Peter admits that by teaching this, he risks losing repeat business. When I asked why he chose to do so, he said he prioritizes his students’ understanding over how much money he can make.
Of course, finishing the live training is just the tip of the iceberg. Post-course, I’m “blessed” with TWO years’ worth of homework to hone the skills I’ve learned. I also have access to a private Slack channel, where I can ask Peter and fellow Corelan Alumni any questions.
Despite Peter’s legendary reputation, I feel his courses are underrated. I think this is because he spends most of his time improving his courses instead of marketing them. I hope this short post I’ve written can illuminate WHY his courses are so good, and help readers decide if the training is right for them.
Thank you for conducting such an amazing training on modern windows exploitation, i can’t describe the amount of knowledge i gained in those 4 days. I would highly recommend corelan advanced training. The most important thing to take away from the training is you don’t get to think about one specific vulnerability but rather a mindset on how to tackle issues on runtime which is worth way more than poping a shell for just one vulnerability. It is not some course that just copies public research/vulns and hands over exploit, rather one will deep dive into heaps and memory management (which by the way is the foundation for any exploit on modern windows OS).
It is worth every single penny spent !
This training was awesome! I did a few security trainings before, but this is definitely my favourite so far!
Peter was very very well prepared and had a lot of patience to answer all questions. The training starts gradually with windows 7 and then builds up to windows 10 and latest heap exploitation techniques.
Very intensive, even though I had a bit of experience about these topics previously. After the 3rd day was felling quite tired of and day 4 was complete brain meltdown!
Loved it!
Amazing training ! Peter is an excellent trainer that wins your respect from the very first moment! I learned lots of things which are now very clear in my mind. I strongly recommend this course to anyone who wants to dive into low level concepts ! Excellent quality ! Thank you Peter, for such a powerful training course!
The Corelan Advanced training was very well structured. Peter spends a great amount of time going over the heap and heap internals before touching a single exploit (over half of the class covers the heap internals) to make sure you have a very thorough understanding of the bug class, and the exploit. If are interested in the Windows Heap I HIGHLY recommend taking this course. Finally unlike a lot of other courses that just give you a few bugs and 1 or 2 labs, Peter provides students with roughly 2 years worth of “homework” assignments where you get to apply the knowledge you gained from the class into real world exploitation scenarios.
This training is a deep technical binary exploitation course with a focused approach towards the Windows Internals, the Stack Internals, and the Heap Internals.
The instructor’s thought process as an experienced exploit developer changes your worldview about how you approach software/bugs/exploitation, what questions you ask, and developing a methodology.
The instructor can clearly illustrate visual diagrams of how memory corruption exploitations occur on a conceptual level as well as what happens given a specific case study of a CVE.
The instructor questions and challenges your thinking, stepping through the debugger, and building your understand of the instruction and interaction with the system.
The instructor provides a systematic, thorough, and realistic list of CVEs/exercises, across OS versions, that covers what was taught in the class and more, even pushing you into starting your own research.
You get the opportunity to meet and network with other individual invested in doing deep technical work, which may be rare.
There are few to no other courses that offers this level of technical depth that is being covered, at least not publicly.
Testimonials that give you a good sense of what the course is like beyond the page of the course content description : Voidsec Wiebe Willems Matteo Malvica Gershom Rogers Rikkert Ten Klooster Mario Kornab Nick Kapil Khot
Attended the combo; Bootcamp and Advanced Training.
Attending the Heap Master class was a transformative experience for me. The course provided in-depth knowledge on heap exploitation techniques, delivered with clarity and precision. Peter is incredibly knowledgeable and approachable, ensuring that complex concepts were accessible and engaging. The hands-on labs and real-world examples reinforced the theory, making it a practical and invaluable learning experience. I highly recommend this class to anyone looking to advance their skills in exploitation.
best training I’ve ever had. Reasons are: – I understood every, and I mean every, concept Peter explained during the training: he did a great job to deliver every concept verbally, visually, examples at the whiteboard and most important by interacting with students, so we were able to assimilate stuff in our own preferred way – Peter is really a nice guy to interact with, you never feel the “fear” to ask something – he’s going to answer you anyway – training it’s not only about techniques, internals but also exercises: every single exercise is meant to give you an experience of what is that particular topic about in “real life” – last but not least, we have now his methodology to aid us starting our journey in the exploitation field, but is up to us now, no silver bullet. This is what I feel is the most valuable knowledge Peter was able to transfer us. If you are unsure about taking this course, please do yourself a favour and take it.
Peter is a phenomenal instructor and has created a great curriculum. While lots of information, the Advanced class covers the material in an manner that is easy to understand. The course is extremely technical and teaches by doing. I highly recommend this course if you are interested in exploit development or vulnerability research.
Peter explained the key concepts of heap exploitation very well. We did practice méthodologies on multiple real life interesting scenarios. The course in 4 days was quite challenging but pleasant and open minding.
After years of trainings, CTFs, classes, and practice binaries around stack exploits, everything about the heap was still mysterious dark magic to me. A lot of people who had taken high-level Offensive Security courses strongly recommended taking Corelan’s Heap exploit class and said it was a key component of giving them the knowledge needed to succeed at exploit dev and high-level OffSec classes. After completing the Heap exploit class, I have to agree – Peter clearly explained the Heap using terms that made perfect sense to me with my knowledge of the deterministic stack, and shed light on why Heap exploits are harder for software and OS developers to prevent. What was previously dark magic became a simple matter of thinking differently about concepts and structures I already knew. Peter also understands the value of practice and doesn’t leave students hanging after the end of class – he provides a lot of guidance on where to go from here as well as offering ongoing support via Discord. Of all the cybersecurity classes I have taken, this is THE class that goes the extra mile to set students up for longterm success. This class was very, very, very worth the time & money. As I write this, a handful of hours after the end of the last day, my brain has melted, but I can’t wait to wake up tomorrow, review the slides and my notes, and get started on the follow-up exercises.
I attended the stack buffer overflow course in October 2024. The duration of 4 days was not too much. The course balances theory and practice. Peter was a really good and pleasant teacher.
If you’re comfortable with ROP and if you want to take a deep dive into the world of heap exploitation, I can highly recommend this course. Peter is an excellent and inspiring teacher and researcher that’s able to explain even the most complex aspects of the heap in a structured manner. He really cares whether his students understand the material in class and he even provides exercises that should last for months after the class has finished.
This is the best hands-on experience you can get and if you’re willing to learn, this is for you.
I had a blast when attending the Corelan Advanced training. I learned heaps about heap management in Windows and exploitation. Furthermore, during the training a lot of concepts became a part of my reversing / exploitation skills such as: vtables, pointers, IAT and ASLR. Although I was familiar with most of these concepts, during the training they became more clear to me, since they were building blocks for the heap exploitation course. The training is provided at a fast pace and Peter is able to create a great environment for learning. I did not only learn how the Windows heap works, but was able to use the learned concepts to understand the basics about the Linux heap manager. Within a week of the training, I solved my first Linux heap CTF challenge, without any previous knowledge of how the Linux heap worked 🙂
Just got back from the training and still trying to process everything. I will be busy for months working through what Peter has provided us with. If you are thinking about attending the training, but you are unsure because it “only” deals with Win32, IE on Win7, let me tell you one thing: It doesn’t matter. This has nothing to do with “before you run, you have to learn how to walk”. In this training, Peter explains the process of developing exploits on modern systems. The course aims to teach you how to think and how the heap works. It does not matter if you don’t write exploits for Edge on x64, trust me. In order to do that, you have to put in the work first and understand how the low level mechanisms and data structures work and at the end of the day, most of the content you learn will (with modifications) also apply to Win10. It was one of the best technical trainings I was ever able to attend. Thanks Peter!
After many years of reschedules I was finally able to take this class. It exceeded my expectations a lot just as much as the amount of information Peter heaped into my head. No day goes by without any new insight and new knowledge. To craft course content around years of experience leaves to the imagination the cache Peter is yet to share to the world. Having lasted the final day is not the end; there’s a lot of homework. Don’t worry, Peter will give enough material to guide you through.
Simply a great class!
For anyone that seeks a future; professionally, academically or for any other reason, in Windows exploitation, this is for you!
Learn the ins and outs of the heap mechanisms of Windows, as well as ways to exploit the most common related issues.
What I appreciated most with this class is the fact that Peter gives you the tools and the mechanisms not to simply solve your tasks, but to develop the mindset necessary to develop your very own exploits.
Totally recommend it!
I enjoyed this course a lot and and it opened my mind for the journey towards finding and exploiting browser heap related bugs and not only! One of the most important aspects I found; is that the course is focused to create a way of thinking in how to approach finding and exploiting a certain class of bugs relating to the heap. I believe at this moment, that Peter’s class is the fastest way into opening the path towards this journey and I think it is an excellent designed course. In addition, care ensuring that no student gets left behind throughout the days is at the uppermost level, The examples used for the bug exploitation are perfectly chosen and not last the teaching skills and the continuous support impressed me extremely.
I would highly recommend this course anytime!
I have no doubt stating that Corelan Advanced has been the best infosec training I had so far. Peter is an excellent instructor who’s able to convey his experience and communicate passion about the topics and give you the tools/primitives to investigate and explore yourself how to deal with exploit development in 2019. The training homework will keep me busy for the next 6 months/a year for sure, but now I do feel more comfortable and ready exploring and researching modern bug classes.
If you want to dive into modern exploitation, this is for you.
Peter is a very inspirational teacher. He really loves the subject of heap based exploitation and his years of effort in researching the heap in various versions of Windows have resulted in an in-depth knowledge of the subject. His passion and his natural aptitude to teaching has really motivated me to start my own journey in the exciting world of researching the heap. I’m confident that Peter has given me all the tools that I need to start this journey with confidence. His commitment to create an environment of learning, also after attending the course, further strengthens my confidence. Peter is without a doubt one of the best teachers in the field.
Peter is among the best exploit developers and researchers there are. The knowledge you will learn in this class will save you months of independent effort in addition to putting you at a distinct advantage when performing your own research.
It is extremely difficult to get this knowledge in a form which is well structured and professionally written, making this course an absolute gem. After this course, you will be able to, at the very least, understand even the most seemingly perplexing binary exploitation write ups often published by the likes of ZDI. In the best case, you’ll be able to apply this knowledge to broaden or kick-start your research aspirations. You’ll also come away with notes and material that are invaluable – this information will not appear after a few quick google searches.
Thank you for the training, Peter. Can’t say enough good things about it.
Peter delivered the training in a very digestible manner and kept us engaged with his enthusiasm and natural ability to teach. I’d recommend his courses to people who want a good understanding of the underlying heap internals for Windows 11/10/7 x64/x32 as well giving you a good dive into heap exploitation techniques. If you want to know more about windows and windows exploitation I highly recommend taking the Corelan courses.
I had limited knowledge about the Windows heap prior to the class and was hoping to finish the training with a better understanding of it. I walked away not just with much more confidence on the topic, I gained so much more than that. His sharing of powerful research methodologies based on insights developed from years of dedicated research completely exceeded my prior expectations of the class. Not to mention, Peter has a fantastic way of breaking down complex concepts into an easier to understand fashion that makes things much less intimidating.
Thank you Peter! This was an amazing experience.
This is a thoughtfully designed course which forces you to push the boundaries. You get to learn from more than decade of research in just four days (not just a theory but hands on too) and it’s just the beginning of your Heap Exploitation journey.
Rather than explaining how some of the famous Heap Exploits work, the focus is on analysing Windows Heap Manager’s behaviour that helps you in exploit development. And it doesn’t stop there, Peter wants you to grow, use the methodology/tips/tricks you learned to do your own research and you get all the support you need.
You get 25-30 real world assignments for which you have to develop an exploit from given PoC. These are very intense exercises and you learn a lot in the process. I started working on these exercises one year after I attended the class and I still get the support when needed.
You will never get direct answers but Peter will point you in the right direction. I’m really glad that I took this course and I’m planning to take the Bootcamp course too!
Peter, thank you for a great course!
The Corelan Advanced class is an exhilarating journey into the realm of exploit development and research. Under the expert guidance of instructor Peter Van Eeckhoutte, participants engage in a fast-paced, immersive experience complemented by comprehensive takeaway materials and stimulating homework assignments. Peter’s patient approach encourages active participation, fostering a deeper understanding of complex concepts. With its dynamic structure and expert instruction, the Corelan Advanced class provides participants with a solid foundation for navigating the challenging landscape of exploit development, setting them on a path to success in just a few sessions.
Let me start with a background I have not done a ton of active exploit dev. I was very nervous and excited, at the same time to start something I loved from the start of my InfoSec career. (Not to mention getting ready to be crushed by a tank of Win heap knowledge) Finally, I brought my body to the training ground, started churning into the vast & deep knowledge Peter has handcrafted in these 4 days. Each day I felt overwhelmed, empowered with teachings and the training enthusiast Peter has in him. Despite my dumbness, I feel so inspired to continue my interest and turn into a passion for exploit development all credit goes to Peter. Now that I know so much that I started spending my nights at win heap stores and for sure years to come I will make it less frustrating :). To give you guys what felt, I ran myself into exploit motions at the airport layover, on plane & now back home. If you want to eat, drink, sleep with windbg, browser heap, memory leaks, and poop exploits you are in THE RIGHT PLACE.
I completed Peter’s recent Bootcamp/Advanced Exploit Development training held in Sydney, 2019. Having worked in the computer security field for many years I wasn’t sure how much I was going to get out of the training but I am so glad I decided to attend as these two training courses were without doubt two of the best training experiences I have had in my career.
Peter’s ability to teach students of different knowledge/skill level is second to none and his humour and enthusiasm make the long days (i.e.9:00 – 10pm) seem to fly by.
His depth of knowledge on Windows heap internals is world class and he provides enough training material and exercises to keep you busy for a least a year!
I have no hesitation in recommending both courses to people interested in the field, experienced security professionals and anyone else who wants to experience a truly great educator.
I had the chance to take the Corelan Heap Masterclass. It was a great course that allow to demystify heap exploitation. Peter explained really well the key concepts and the methodology needed and show practical use cases that can be applied to real life situations. The course was really dense but Peter successfully make it fun and easy to follow. I highly recommend this training.
I brought my team to Corelan Advanced to solidify our understanding of heap management and exploitation. I believe that an intricate subject like this one is best learned immersively (initially, anyway—vs. tackling solely through self-study). Peter’s teaching style is clear and engaging; he has a way of taking a complex topic and saying, “When look at it _this_ way, it’s really not so hard to understand!” While this course focuses exclusively on Windows, I’ve found the fundamental concepts taught here have helped my team understand other operating systems’ heap internals more quickly. Do yourself a favor and book a seat in the next available course.
I had the privilege of attending both the Bootcamp and Advanced training sessions, and I must say that the two weeks were incredibly intensive yet thoroughly enjoyable.
For those wishing to venture into the art of exploit writing, the Corelan Bootcamp serves as a solid initial step. The Corelan Advanced Exploit Development training stands out among my experiences in exploit development education. In contrast to many courses that focus solely on exploitation techniques, this program provides a comprehensive foundation by beginning with the fundamentals of memory management in Windows. It then delves into the exploitation of heap-related vulnerabilities and methods to bypass modern memory protections. This approach equips learners with a deep understanding of these concepts, empowering them to conduct thorough research on both known and future memory features and protections. Mastering heap exploitation is a significant endeavor, and this course serves as an exceptional starting point. I highly recommend it to anyone seeking to excel in this domain.
What truly sets Peter apart is not just his technical prowess but also his exceptional training skills. He is not only an excellent teacher but also a funny and passionate individual who is deeply committed to his work and strives for excellence. I highly recommend his training programs. Come and experience it for yourself – you won’t be disappointed!
It was a real pleasure to be able to see first hand the recommendations that were made to me about this course. It greatly exceeded my expectations, besides the fact that the content that Peter has prepared in an exhaustive and methodical way is very good, the ability he has to transmit his knowledge in a dynamic way, which gets you hooked no matter how many hours go by, makes it especially unique.
If you want to know in detail how the heap works, this course provides you with clarity on all the modern heap exploitation techniques.
First of all, I would like to thank Peter for a really extraordinary experience, his passion and dedication are a real inspiration for everyone!
I was really looking forward to pushing my knowledge in exploit development to the next level and finally going for the heap, without having any prior experience related to that, in terms of exploit development. The outcome is that I now feel really comfortable in diving into heap exploits and really understanding them.
Took the Corelan Advanced course at Brucon2019. Scrolling trough all the testimonials and knowing the Corelan team’s publicly available work, led me to some high expectations when I enrolled for the class. I’m really happy to say that the training lived up and even exceeded them in some aspects.
Peter is really great at explaining basically everything, the course structure and materials are very well organised and they are facilitating a consistent learning curve. The in-depth level of analysis and the granularity in understanding the course content are key takeaways. I would describe the training as a combined practical-theoretical experience with a focus on deep understanding for Windows Internals, exploit development and Windows heap concepts. The whole training helps you in building a strong knowledge base in which you can later invest your time into. Plus, the received support after the training session, all the “homeworks” 🙂 and the mindset obtained for looking at things as an exploit developer perspective are priceless.
I hope Peter will come up with other trainings in the future as well, really looking forward to it!
Thanks again Peter for all the knowledge and for truly inspiring me!
Highly recommend it, well worth the investment!
Peter is an amazing teacher on what is truly a mind bending class on Windows heap exploitation. I started this class with almost no prior knowledge about the Windows Heap and by the end of the class not only did we see in detail the behavior of Heap, but also how can you apply different approaches and methodologies from the best. Really great content, tons of exercises exposed through incremental steps to such a dense topic. In my opinion, a truly unmatched class on the topic! I’ve had the Stack class as well, and at the time it was the best security related class I’ve ever attended. Heap built on that and was an even bigger eye opener, being the best class I’ve ever attended!
I really enjoyed and learned a lot of things during the Heap masterclass. I really liked the fact that we started by learning all the technical concepts before diving into the vulnerabilities. The class is really intense in term of content, but Peter managed to summarize 15+ years of research in 4 days, so the class is really worth it. Also, Peter is a great teacher and was able to answer all our questions.
I spent a lot of time improving my skills in Win32 exploit development and Peter’s blog was an important source of knowledge. However, I did not have knowledge about Win32 Heap and I wanted to know how exactly my skills were. That is the reason why I took the Advanced course.
Peter’s training was exactly the kind of training I was hoping to have: a large amount of structured knowledge in many domains. Peter did not just provide theoretical concepts: he also provided many exercises, pushing everyone to do the best. Exercises were clearly not easy, but Peter was not here to give exercises with solutions: he was here to train us to find solutions by ourselves.
The course was long, intense, but above all extremely rewarding.
Thanks Peter!
Great, in depth, analysis of Windows memory management and ingenious ways of using its inner-workings to build working exploits bypassing modern controls.
Peter is a great researcher and trainer. A hard to find combination that makes this course an absolute value for money!
I was able to take the Heap class a month after I took the Stack class. I am still fairly new to overflows and binary exploitation in general, but thanks to these two classes, I feel like I now have a very solid jumping off point. I probably would have been able to get more from the class of I were already knowledgeable in the subject matter, but thankfully Peter has provided a way to help you after the class ends and provides lots of homework to help further our skills even after the class has ended. Well worth the cost of entry!
There might be a misconception that people have after having attended the training once that they grasp the material, or that they gotten all the value from Corelan, because they have heard the explanation, they have gotten the actual materials, and the rest is “working through the materials on their own”. Having attended the Heap exploitation “Advanced” class, the Heap Masterclass, is more than just a rebranding of the same course. While fundamentally the nature of heap exploitation will always remain the focus of the class, no class is exactly the same and personally I experienced a 40% difference in terms of the entire experience of the class. Peter is still working on refining the delivery of complex concepts even having done this for years, and having actually worked on the different labs and homeworks, when I asked Peter about exploit development best practices which I encountered, he was able to answer them, and also integrate them into the course material for future students.
The intense four days training also inherently carries a different form of value: you are essentially rewiring your own mind. The course is so well structured that the fast paced and intense nature of Peter’s delivery, in order to deliver his twenty year’s worth of expertise, is different even on a second attendance, because while conceptually you think you already understand the materials, having worked through them previously, it is another thing entirely to be able to start reasoning with an unknown problem via the nature of the different versions of the windows heap.
Peter is well known for his knowledge of stack and heap exploitation, but most people might end up defining him that way and think that having met him in that context once, it is no longer necessary to attend his classes again. What they fail to recognise is that the depth from the quality of his response to the speed and fluidity of his reasoning, that stack and heap exploitation which are domains he chose to build a class around, and as any individual with decades of commitment towards a given craft, there is no way that knowledge transfer in its entirety can occur, and thus there is much value in attending it again.
The course never fails to draw the smartest crowd no matter which country it conducts itself in. One might argue it is relative to the niche nature of the course, but the value of being able to network with within this context is priceless as it is almost always extremely difficult to fill a room with such technically advanced individuals consistently for days on end. During the moments of the course where we are able to socialize, there are just paradigm shifting level of insights that you get from one another that really change how you approach technical work, and this is also not accounting for the professional connections that you also get to form in your career.
As a modern individual who is highly skeptical against marketing and sales, once you actually experience the value gained from Corelan’s commitment to quality, as written in the FAQ page, you realize as a technical individual that it is more than just words. It is a no BS promise from a senior and highly technical individual backed by decades of working in the trench.
Peter’s Expert-level STACK training in just four days was outstanding! The course was perfectly paced, making even complex topics easy to follow without feeling rushed. The high-quality training materials provided clear, practical insights, helping me grasp the subject thoroughly. I highly recommend this course for anyone looking to master stack buffer overflow quickly and effectively!
I had high expectations, but the course still managed to surpass them! This course is great for anyone who is planning on upgrading their exploit development toolset from the typical stack overflows and ROPs to more advanced heap-based exploits. The material would be very difficult to self-study to the same detail that Peter was able to provide during the four intensive days of teaching. Despite the course being “advanced”, Peter was able to adjust the “level of teaching” perfectly for our group and focus on the right details. The given exercises and homework tasks challenge the students and provide a lot of value even by themself. I would highly recommend taking this class if you have some experience about exploit development on Windows and want to learn more about how the heaps on Windows work!
This class definitely lives through the trainer. The knowledge is imparted in an extremely comprehensible way and focusing on understanding the workings behind and not just firing off exploits. To summarize: Awesome trainer, great class, definitely recommendable.
I attended Peter’s advanced training in Columbia, MD. Nowhere else will you find an instructor capable of expressing complex topics in such a painlessly comprehensible manner. My newfound understanding of Windows’ heap has made what was once a cryptic headache feel elementary.
Peter’s hands-on guidance helps to reinforce the learned material with real-world practice. If you are interested in building a thorough foundation of knowledge and skills in the realm of Windows heap exploitation, then I can’t recommend this course enough.
This was unquestionably the best course I had the honor of attending.
I had the chance to take the Expert-level Stack class. Before the class I only had experience with very basic PE stack buffer overflows. Super great content from learning Windows internals basics to DEP and ASLR bypasses for stack buffer exploitation! I will definitly take the heap course if I have the chance to!
Peter’s ability to explain complex concepts in a simple and pragmatic way is exceptional. His Windows Exploit Development training is of the highest standard and will help newcomers and seasoned security testers alike understand modern memory corruption techniques.
I’ve completed both the Bootcamp and Advanced courses now, along with OSCP and OSCE and I’ve learned invaluable lessons from each.
If you’re interested in Windows Exploit Development, ROP and heap exploitation, then you should definitely prioritise Corelan training. It’s truly a privilege to take part in.
I’ve learned a tonne, but the real learning comes with the exercises that are included as homework during and after the course.
I attended Peters Bootcamp session in Stockholm. My expectations were high for this course and they were met and surpassed!
The entire course is focused on 32bit (last day had a session on more 64bit specifics) and is a excellent primer for those who wants to get into exploit development on Windows.
Peter managed to demystify ROPs and the MONA tool. Peters teaching skills are top notch and documentation and labs are one of the best.
I can highly recommend this course. I am looking forward to attend to the Advanced course.
First of all I would like to thank Peter, for the incredibly cool 3 days in Paris. Thank you very much for your patience in answering questions and the opportunity to share your extraordinary knowledge with us!
After participating in the bootcamp in April of this year in Belgium (BruCON Spring 2019), participation in the advanced course was only the logical consequence.
What makes the course so special, is the methodical and logical structure based on Peter’s practical experience.
Why you should not miss BOTH courses and participate? Very easily:
– Theoretical bases, their implementations as well as common “halftruths” or “mistakes” are explained in a practice-oriented way. – No matter what level of knowledge each participant brings, Peter answers every question and never tires of explaining everything in an understandable way. – Extensive training material, with a huge amount of valuable information (for offense and defense). – Many private solutions which never been published by Peter.
Both courses will be definitely be part of our company training program as a “MUST” for anyone.
Conclusion: “Learn from the best, or die like the rest”
Peter, you are definitely one of the best!
Can’t speak highly enough of Peter’s trainings. I picked up tricks in his advanced heap course that clearly came from decades of hands on exploit writing experience. Something unique in an industry often preoccupied with hoarding knowledge or packaging/selling impractical academic info an autodidact could find on google on their own.
The Corelan Advanced Exploit Development was an amazing experience.
It let you understand in a very detailed way how Heap works on Windows 7 and Windows 10 and how to use some techniques to correctly exploit it.
Peter is a very good instructor, He is able to explain everything in a very clear and easy way. Peter also gives to you a “point of view” that you can use in every scenario and every version of Windows. At the end of the course, you will be provided with a lot of exercises.
If you want to understand how Windows Heap works, how to exploit it and how to “think in the right way”, this course is what you are looking for.”
If you want to dive into modern exploitation, this course is exactly what you are searching for. During my career, I’ve taken many different courses, but I can tell you, there is no match for Peter; the Advanced Exploit Development class is absolutely the best training I’ve ever done. Unlike many other courses, Peter spends a very good amount of time on the fundamentals of memory management and Windows Internals (demystifying “obscure” concepts), then he dives into the exploitation of modern heap-related vulnerabilities (Use After Free, Type Confusion, Memory Leak etc.). Mastering heap exploitation is a long journey and this course is the best training on the market to have as a starting point. The quality of the labs is excellent and does not focus only on ad-hoc exercises; be ready to dive into past real browser’s vulnerabilities, especially with the companion “take-home” exercises. The approach Peter uses to transfer his knowledge is highly professional: you’ll be able to “follow” him verbally and graphically as he uses both the slides and a sketching pad to visually represent memory layouts and such; he’ll give you all the knowledge needed to conduct your own research. Peter is not just amazing from a technical point of view, he’s also very humble and patient. He is an excellent (and funny) trainer who definitely have passion for what he does and that strive for the best. I can’t recommend him enough, just come to the training and see it by yourself.
Peter manages to teach a mindset instead of just the trick. He goes in depth about how different problems can be approached and solved as if you’re doing the research on your own. Not only does this class teach you how to exploit different vulnerabilities, it actually gives you in-depth knowledge about how heap management works exactly. This is by far the best in-person training I have done.
The training was very consequent and well edited. The harmony of theorems and exercises and the details of the explanations tells about a lot of experience and care of the profession. Also, Peter is very friendly and helpful. This is The Place where you can get real knowledge and mindset for your own research.
Thank you for the training, Peter!
This training was glorious.
The content is packed with interesting information that expanded my knownledge of the Windows Heap and gave me a lot of new ideas of research to do. The information is shared in a structured way that is easier to understand than what we can find on the Internet and it clear away some misconception that one can have about how the heap works.
The four days of the training are needed except if you already are familiar with some of the material. There is a lot to cover on the subject, so do not plan anything on the evening of the training. Homeworks are a real thing in this training and are a must if one want the information covered to stick.
I highly recommend this training to anyone interested into writing exploits, even if your focus is not particularly related to heap bugs. It is even better if you do it as a team, like a kind of team building for person that enjoy a challenge.
Peter (the man on the other side of the rabbit hole) shared with us his years of experience (undocumented research & no google results) in 3 days.
The advanced course is extremely worth the investment (luckily my company paid for it). The thought process is the most critical part of the exploit development.
Peter is extremely caring for all students to make sure that no students are left behind.
It’s extremely rare to find the personalities of an expert exploit developer and a teacher combine into one person. And of course he shared with us some of his ‘proprietary’ materials. Lastly his technical guide comes along with his genius humor.
Looking forward to Bootcamp in SG 2019.
The Corelan Advanced Exploit Development (CAED) is one of the most challenging and courses I have taken. The depth of information provides a nice baseline for understanding the underlying technologies required to leverage the techniques for successful exploitation. The amount of information covered in the course could fill a semester-long class at a graduate-level CompSci program.
Peter did a great job of organizing and delivering this information. The course will give you the knowledge, resource, and examples to further expound your knowledge in Advanced Exploit development.
My favorite part of the course is the 6months+ worth of homework along with all the resources like the forums.
Well worth the investment!
This is a course for engineers who are already experienced in binary exploitation and want to deepen their knowledge by taking a hands on class with one of the best teachers in the subject.
As a instructor Peter (Corelan) is a very experienced person which has written a lot about windows exploitation and explains very well each one of the topics in the class, giving you all the material you need if you want to take you time and study on your own.
The course is well structured, and each one of the topics has a set of exercises so you can practice and understand the underlying concepts on a variety of topics such as windows debugging, memory layouts, ROP and even browser exploitation.
Coming into this course I expected to be taught a methodology for exploitation of stack and heap vulnerabilities in Windows. Not only did Peter teach this to a high degree, he also explained how the technology worked in an engaging and detailed manner, enabling the class to not just understand how to exploit a vulnerability, but why it works and how we can enable our own creativity to solve problems without following a “tutorial”. I firmly believe this type of teaching is what students need to stand out in such a competitive industry.
I attended the Corelan Expert-level Stack class; it was my third training in exploit development, following the OSCP and GXPN courses. This one was very different—in a good way—because at first, you might think that you don’t have the skill level or aren’t smart enough to follow along. However, the training materials are very well structured, and I really enjoyed Peter’s teaching style, which was both studious and laid-back. From the first to the last day, the complexity increases, but you (almost) never feel it’s beyond reach. What I especially appreciated was that there were no gray areas. If specific steps were needed to complete an exercise, Peter explained both the ‘why’ and ‘how,’ so you never felt like you were missing key details needed to understand the material. Thank you Peter for the awesome training!
I attended the HEAP masterclass at Brucon 2024 and was greatly impressed by the ease with which Peter managed to get so much information into such little time. The course has a good theory-practice balance where each exercise is there to prove a point. The course starts from Windows 7 only to lead towards Windows 11 and if you have some idea of how the heap works then you can figure out why. Honestly, I didn’t but i just trusted the process and was not disappointed at all! 5/5 recommend it
Peter takes you on a stroll across all the quirks and functionalities of the Windows Heap Manager so you have all fundamental information you need to understand modern heap exploitation. Then you deep dive into heap exploitation with hands-on exercises on Windows 7 and Windows 10/11. Besides Peter being an excellent teacher with great humor, the course content is well structured and complete. And don’t think it ends there, afterwards you have homework to do that can take you a whole year. This training was amazing and I totally recommend it!
Awasome training! If you want to move from stack based exploitations to heap based exploitations, this is the way to go. Training is just the first phase. There is a lot of homework waiting for you afterwards. And by the way Peter is a great teacher. Highly recommended!
Loads of excellent reviews. Mine would not be different. Peter has a very rare talent to break/research the stuff and even more rare talent to be a great teacher. He can explain very complicated things in a clear way and guide you through more complex situations. The aim of this course is not to show tips and tricks, but build fundamental knowledge how to attack heap. Loads of exercises will give you a chance to master exploit dev skills. I also enjoyed his insights and thoughts about research, ways to upskill and other things.
Thank you Peter for doing great job! All the best!
Peter managed to exceed my expectations that I had out of this course.
I had previously attended the Bootcamp training, with the intention to continue with the Advanced course so as to level-up my skills, but more importantly to improve my thought processes into exploit development.
We delved into how heap management works, and leveraging its functionality to exploit bugs mainly in browser software. We explored proof of concepts of Use-After-Free conditions, Memory Leaks, Heap Feng Shui and precise Heap Spraying by performing quite intense, long, and instrumental labs.
Personally, the real journey begins after the end of this training, as Peter provided the tools/ ideas/ examples/ thought-process/ inspiration for further research on the exciting path of modern software exploitation.
Peter has been a truly inspiring mentor during the course and made everything possible to ensure that the core concepts are understood by the whole class.
I am very glad that I had the opportunity to attend the Advanced Course, and I would definitely attend any other future training done by Peter. Many thanks Peter!
Peter’s 4-day class in Columbia, MD was a truly unique experience. The class is designed exceptionally well, and Peter himself is an exemplary instructor.
Peter designed this class such that you start out from fundamentals, and then progress to much more complex topics in a very incremental, easy-to-understand manner. He provided us with all the theory required to ignite our curiosity to ask the right questions of ourselves, plus with all the tools necessary to be able to answer those questions. We exercised knowledge of this theory to answer practical questions, plus he provided us with many meaningful exercises that pave the path towards becoming a more capable exploit developer. Some exercises were during class, some during evenings after class, and some for the years to come. 🙂
I’ve heard from some folks about why he doesn’t jump straight into newer Windows OS 64-bit programs (which he does provide theory about later in the course), but it’s important to realize that this teaching methodology is WHY you are able to eventually understand more modern stuff towards the end. I honestly would not have it any other way, because by the end of the class, I had all the theory and tooling required to figure out Win10 64-bit heap / program functionality, even though he started with Win7 32-bit programs. Moreover, he taught the theory of how memory allocators might work in general, and how we would go about investigating its behavior, regardless of which OS, # of bits, custom memory manager, etc… He taught it perfectly.
Thanks for the great times and lessons, Peter. It was truly an honor to attend this course.
I recently completed the four-day Corelan Heap Masterclass, and it exceeded every expectation. The course offers a deep, structured, and highly practical look into heap internals and exploitation techniques. What stood out most was the clarity of the explanations, where complex concepts that normally take a long time to fully understand were broken down into logical, digestible steps without ever sacrificing technical depth. Peter’s teaching style combines expertise, patience, and the ability to make intensely technical material engaging and accessible. This training pushed me, challenged me, and ultimately gave me a far stronger understanding of heap behavior and exploitation. It’s an intense experience, but absolutely worth it for anyone serious about advancing their skills.
The Advanced Exploit Development training is the best training I’ve ever done so far. Unlike many training about exploit development, this course starts with the fundamentals of memory management on Windows and then dive into exploitation of heap-related vulnerabilities, bypassing modern memory protections. This approach will give you all the knowledge needed to understand how to conduct your proper research on known and future memory features/protections. Mastering heap exploitation is a long journey, and, without hesitation, this course is the best starting point. I highly recommend the Corelan Advanced Exploit Development training.
Attending the Heap Masterclass was hands down one of the best decisions I’ve made for advancing my binary exploitation skills. Peter’s crystal-clear explanations and real world examples drawn from years of his own rigorous, dedicated work helped me in conceptualizing how memory was being allocated and free’d.
With better understanding, it allowed me to perform heap techniques with better precision. I walked away knowing the ‘why’ in addition to the ‘how’. it is definitely worth every minute and penny.
Just got back from the training and still trying to process everything. I will be busy for months working through what Peter has provided us with.
If you are thinking about attending the training, but you are unsure because it “only” deals with Win32, IE on Win7, let me tell you one thing: It doesn’t matter. This has nothing to do with “before you run, you have to learn how to walk”.
In this training, Peter explains the process of developing exploits on modern systems.
The course aims to teach you how to think and how the heap works. It does not matter if you don’t write exploits for Edge on x64, trust me. In order to do that, you have to put in the work first and understand how the low level mechanisms and data structures work and at the end of the day, most of the content you learn will (with modifications) also apply to Win10.
It was one of the best technical trainings I was ever able to attend. Thanks Peter!
The Corelan Advanced Exploit Development is a great investment and it is certainly very challenging.
I learned heaps for heaps by exploiting my brain with huge amount of information.
The Technics/tricks you will learn can be applied in any version of Windows OS even in future editions! The actual challenge begins after the completion of the course homework for months…
I highly recommend this course if you know how to exploit the stack and you looking to explore the wild heap structures and exploit them.
This course was amazing, Peter set an incredible pace from the very start and didn’t let up until the end.
I now feel like I know the various Windows Heap internals more intimately that I thought possible and I have the means and materials to take that further.
I can now explore everything up to up-to-date 64bit Windows 10 and know that I have the grounding to actually craft exploits on those systems.
I can’t recommend this course enough, if you’re thinking of taking it, do it.
It is very difficult to find good learning resources in this field. The material in this course is up-to-date and covers modern techniques that work in the real world. Highly recommended.
As stated in the title: this is a very challenging class. Due to Peter’s golden standard of teaching, you will be rewarded immensely for the effort you take in understanding the course material. Not only does the course provide you with a lot of exercises afterwards, you also get to understand the methodology & tooling to do your own research and apply what you learned about the Windows Heap Manager to other custom heap implementations. Extremely recommended if you want to learn about heap exploitation on Windows.
This course was by far one of the most challenging courses I have taken so far, but Corelan does an excellent job of removing the fear of these more advanced topics and won’t leave you in the dark during and after the course. I’ve been utilizing Corelans free research since I got into Exploit Development and when I discovered he offered this course I knew the moment I had the opportunity I had to take it.
I had expectations before going in and all where exceeded. Then again what more can you expect from the man who invented Mona.py and continues to publish research?
Don’t think twice!
Peter’s Corelan Advanced Class was an exceptional training. With his extensive experience evident in his teaching style, Peter masterfully explained complex concepts, making the learning curve associated with advanced exploit development more manageable.
After covering the theoretical foundations of Windows heap internals, practical exploitation exercises allowed to put the newly acquired knowledge to a test. The foundations provided and Peter’s targeted advice made the challenges approachable and overall strengthened our exploit development skills.
I have just finished the Corelan advanced training done by Peter Van Eeckhoutte. What can I say, best training I have attended so far. Peter is dedicated, passionate and the way he teaches you is great. There is no such way of learning something than trying. Nothing is given during the training, you will fail many times but once you achieve something you will know why it worked and how it works behind the scene. You don’t just learn how to launch a bunch of tools. Painful experiences are always better remembered 😉
Peter is a really knowleadable and enthusiastic teacher. The information you are gonna get in this training will save you tons of personal research on Windows internals. The quality of the material and teaching is absolutely stellar: heap management on both Win7 and Win10, in-depth analysis of specific vulnerabilities to consolidate concepts, tons (literally tons) of PoCs to hint you during your research after the training. I feel this course gave me material for years to come, and Peter will give you all the necessary tools to continue on after the training.
On top of this all I’ve really enjoyed Peter as a person: dedicated and willing to support his students all the way, during the classes and afterwards, he is a true legend. What you even get after the course is an incredible amount of guidance and support from alumni and Peter himself!
I really would not know what to ask more for!
To be honest, It has been my second training experience but I guess it’s safe to claim that this class is above average. At some point, I wasn’t sure how all that information was relevant to apply to exploit dev tasks but then something clicked and everything become clear. So, I don’t know how Peter does it, but he’s a great storyteller and teacher. If you are interested in windows user mode exploitation then I could recommend this course for sure.
The Corelan Heap Master Class is exactly that—a master class. Over four days, we went from the basics to the absolute depths of heap internals. I won’t lie; it was tough. The concepts are deep, and the pace is intense (and yes, the corrective push-ups are real!). But the feeling of understanding these complex mechanisms by the end of Day 4 is unmatched. Peter has a unique gift for breaking down the most difficult concepts, and the Redfacers team organized a seamless experience. It was a fruitful four days that pushed me physically and mentally. I’m already looking forward to the next one.
Personalized verbose courseware
True universal skills, insights inspiration, the ability to do research all by yourself
Your own personal lab. No costs or subscription fees
Challenging (guided) homework to keep you going
Tons of additional use cases, recent CVEs
FREE post-training support, learn at your own pace
Bring Your Own Device
Get ready to focus and learn.Skills needed:
Confidentiality / NDA
Our courses are built on decades of research, real-world experience, and hundreds of hands-on exercises. We push hard to deliver as much value as possible in just a few days — but we also know that no one becomes an expert overnight. True mastery requires practice, repetition, and exploration long after the class ends. Especially with Corelan Heap, most of the work and learning journey will start after the class. In other words, your learning doesn’t stop when the class is over. In fact, it has just begun. You take home the full courseware, your own lab environment, guided homework, a TON of extra use cases and the freedom to learn and refine your skills at your own pace. And when new questions arise — we’re here to help. Every student receives FREE post-training support. No costs, no subscriptions. This long-term support system is unique in the industry and one of the best ways to protect the investment you made in a Corelan class, and in your own future.
Taken both Corelan Stack and Heap? Awesome! The door is now wide open to take on the certification exam that truly sets you apart.Will you earn the prestigious title of Corelan Certified Exploit Developer (CCED)? That part is entirely up to you 😉. Taken Corelan Heap, but not Corelan Stack yet? - It happens🤷🏽 Even if you took another stack-based exploit dev class somewhere else, we're confident you'll learn new things in Corelan Stack, or you'll finally be able to fill in some gaps in your knowledge. Both Corelan Stack and Corelan Heap are required before you can take CCED.