Submit your review
Peter managed to exceed my expectations that I had out of this course. I had previously attended the Bootcamp training, with the intention to continue with the Advanced course so as to level-up my skills, but more importantly to improve my thought processes into exploit development. We delved into how heap management works, and leveraging its functionality to exploit bugs mainly in browser software. We explored proof of concepts of Use-After-Free conditions, Memory Leaks, Heap Feng Shui and precise Heap Spraying by performing quite intense, long, and instrumental labs. Personally, the real journey begins after the end of this training, as Peter provided the tools/ ideas/ examples/ thought-process/ inspiration for further research on the exciting path of modern software exploitation. Peter has been a truly inspiring mentor during the course and made everything possible to ensure that the core concepts are understood by the whole class. I am very glad that I had the opportunity to attend the Advanced Course, and I would definitely attend any other future training done by Peter. Many thanks Peter!
I spent a lot of time improving my skills in Win32 exploit development and Peter's blog was an important source of knowledge. However, I did not have knowledge about Win32 Heap and I wanted to know how exactly my skills were. That is the reason why I took the Advanced course.
Peter's training was exactly the kind of training I was hoping to have: a large amount of structured knowledge in many domains. Peter did not just provide theoretical concepts: he also provided many exercises, pushing everyone to do the best. Exercises were clearly not easy, but Peter was not here to give exercises with solutions: he was here to train us to find solutions by ourselves.
The course was long, intense, but above all extremely rewarding.
I really enjoyed this training. It is accessible even if you don't work in IT security (like me). All you need is some basic knowledge in computer and above all a lot of motivation.
Peter can keep people focused for hours and explains complex ideas in a clear and structured way.
This is not a "fire and forget" course, there are plenty of keys to continue and improve yourself after.
I can't wait for the advanced course.
Thanks Peter !
Peter managed to convey complex information in a clear and coherent fashion, which is no small feat. Whilst I already new the material on paper, the course did help me understand some parts in greater detail, which enabled me to truly grasp the concepts.
Also, trying to be first in the shell race is always fun ;).
I thus highly recommend this training for any and all security researchers out there!
Even though I was initially planning to register only for the Advanced Course (due to already possessing relevant advanced certifications on exploit development), I am so glad that I made the decision to attend the BootCamp course as well. It definitely filled in certain gaps I had (which the other certs did not truly cover), and prepared me mentally for the next step. I enjoyed every minute of the course, but even though it's now over, I feel that this is the start of a new beginning due to the eye-opening towards certain concepts. Peter has been a truly inspiring mentor during the course, who did not hesitate to devote extra hours, without which I personally would need more time to get to the point myself and the class was, and he made a true effort so that we really understand the root cause of what we were doing. I have already registered for the Advanced Course, and looking forward to more exciting times ahead! Thanks a lot Peter.
Not much I can add that has not been said about Peter and this course already. This is a great course if you really want to learn the ropes, or maybe I should say ROP chain :-) Peter has a vast background knowledge and is an excellent teacher. Peter filled the blanks from my OSCP training and added a ton more.
I have been reading the tutorial from corelan's blog ever since I started my own exploration to security in general. So far this is the best training I ever had compared to SANS and some online courses (Offensive Security and ElearnSecurity, which I paid on my own. From all of the training I had this would be the best!!! I have not seen any trainer use the traditional way of writing things down and let the students explain or participate. It is very interactive so during break you get to discuss and find ways on how to deal or fix the exercise. It is really an eye opener and he will let you think like a researcher. Over all it touches from reversing to exploit development. Again its not 5 days its 3 exciting days with awesome discussions of the latest and the greatest. I highly recommend this training.
I have taken many exploit development courses and certifications in the past, and while CTP/OSCE, PWK/OSCP, and SEC 760/GXPN and others are great, Corelan courses are on a league of their own.
This is the second Corelan course I have taken, the other being Bootcamp, and I can honestly say that it is the best training on exploit development out there. You will probably leave the class with more questions than answers, but that's only because Peter will cover topics that are so cutting-edge that only a handful of people, such as himself, have mastered them.
I guess the best endorsement I can give to this course is this: I plan on attending this same class again next year.
Peter designs a course that not only has you engaged in the moment but thinking how else you can better your skills for the future. The course definitely wasn't easy but gave you just enough information to better yourself wherever you are currently at. Hope to take the course again and any other course Peter plans to offer in the future.
This was a fantastic class and I would highly recommend it to anyone who wants to learn exploit development. The material is very well done and walks you through the basics with progressively less hand holding as the class goes on. Lincoln was our teacher and he was great. He was very approachable and knowledgable, if a student had an issue with a particular concept, he had no problem explaining things in a new or different way until it clicked. The example applications that we worked on were varied and we were even left with some "take home" work for further studying. The class was so much fun that I honestly was sad for it to come to an end.
Great job Corelan team. I'll see you all so for that advanced class!
Reading the other testimonials, there's not much else I can add. There is a reason they're all 5 stars.
The amount of knowledge Peter was able to transfer in only 3 days was very impressive. I went into this course having done little binary exploitation, all self-taught, and came out of it feeling like I had a clear path forward for going after big, modern applications. I feel that getting to this level on my own would have been a multi-month endeavour, not to mention the fact that there are a few nuggets that just aren’t publicly available at all :).
Corelan courses have a legendary status in our community, they can even seem almost intimidatingly difficult, which I don’t think was the case. While the pace of the course was fast, and the days were long, the course content, while complex, was presented in such a way that everyone was able to follow along.
One of my favorite things about this course is the fact that there is a large amount of lab material that actually is NOT done during the course! Realistically, modern binary exploitation is a large, complex topic, and to really get it you need to get your hands dirty. Three days is just not enough time to possibly do that. What you do get out of those three days are the tools, knowledge, and a series of exercises to complete in the following weeks that will give you experience to complement the training which would otherwise be impossible in a short period of time. This combined with post-course support really separates the Corelan course from any other information security training I’ve ever done.
Probably the best (public) exploit training in the planet. Why? Just think of these factors: 1. Exploit development is a cryptic art, and 2. Advanced age makes your brain learn selectively (to take in only those things that are meaningful). Hence, you're half the learner you used to be. How can you overcome these hurdles? IF YOU HAVE THE BEST TEACHER! A teacher who walks his talk and knows the topic like the back of his hands (or perchance, his tattooed arms). I encourage anyone who is passionate about exploit development to take this course. You will not regret it! So, yeah, in short, a knowledgeable teacher/mentor/coach makes a BIG difference in tackling a difficult topic. Exploit Development == Corelan.
I took the "Advanced" Corelan class at Derbycon in 2015 and it was a class I wont soon forget. I am still working through the lab materials even though the class was months ago. This isn't one of those other classes that will leave you wishing you were given more information. Peter does a fantastic job of putting together relevant and highly useful information. On top of that he is a fantastic instructor... He knows how to push you without letting you flounder on your own. I would highly recommend this course to anyone who wants to go beyond the typical "exploit dev" classes..
After the Bootcamp in April, enjoying every minute of it, I felt a strong urge to also follow the Advanced training.
I'm so happy. Advanced made me enjoy every minute again.
Course was more than great. Really complex stuff, but Peter is a pro and he knows exactly how to make -you- do the thinking and find out "where to find what" and "look and verify".
Massive amounts of theory and practice, packed into 3 days. Had a blast!
And months of homework :-)
This class was probably the best security class I have ever taken. I took the Corelan Advanced over 9 months ago, but still feel inspired by it. I have recommended it to anyone I meet who wants to get an in depth education on exploit development. Peter did an excellent job of describing complex topics in a way that was (relatively) easy to understand. The course was tough...pretty brutal actually...but I enjoyed every minute of it. The labs were challenging but began to make sense as we worked through them. Can't recommend this enough. Excellent Training...thanks Peter.
Awesome class with a very knowledgeable instructor. Peter does a great job of explaining the material and challenging you so that in the end you really learn a lot from this class. It's a great class even for someone with experience in exploit development. The class is fast paced but still plenty of time to do the labs (10+ hours a day of class time) and learn a lot. Peter is an excellent teacher and explains the concepts very well. Peter's knowledge of the techniques combined with his ability to teach it is what really makes this class worth the money. Highly recommend this class and looking forward to his advanced class in June.
The instructor (Peter) will overflow your mind with this amazing training: theory and practice are perfectly mixed together. Arguments, from the basics to advanced topics, are perfectly illustrated, you soon go deeper in the topics and this is the challenging and magic part. I should attend this course again to get all the details that Peter describe, explain and illustrate in a such clear way. One of the best trainings i did so far, i will highly recommend this course to everyone want to understand how exploits work and how to get your hands dirty in development. Thanks Peter !
After doing OSCP and OSCE I started to get interested more and more in exploit development. I decided to get deeper into the field, but soon felt myself lost with all the open questions I had. It was difficult for me to find out where to go for help, I connected to IRC channels, contacted people via mail or twitter, asking questions and describing my problems. But it was hard to gather all the information together, specially when it came to bypassing state of the art mitigation techniques. It seemed that I still was lacking of understanding why things happened. Often it was just a result of a long try and error process, when I finally got something to work. At this point I decided to register for the Corelan bootcamp. Normally I am quite good with self studying and going through ton’s of tutorials, but this time I thought it might help to have somebody experienced with all this stuff. First I was still a bit sceptical, as often after a class, I had the feeling, that I could have learnt most of the things myself easily. But in this case I didn’t regret it. Although I had already some skills with writing exploits, I soon realized during the course, how big my lack of understanding the overall bigger picture was. In the class we dived into the deeper backgrounds of how things work. We learnt how the operating system is designed and acts as a layer between hardware and userland applications, what common pitfalls to avoid all the things you need to know when it come to exploit development. Not only I learnt how to do things, but also why they worked and under what circumstances. The class got more and more challenging as we progressed. Peter really had prepared everything in an excellent manner for the course. The scripts and exploits for the course were optimized, so that we would not waste much time on installing, preparing etc, but could straight ahead hook into the essential parts and start with practicing the core content. Everything was focused on make us think ourselves how to solve a problem than rather just repeat things without getting our brain to work. On the first day, short before midnight I realized that all the day was gone, that I forgot the time because I got so fascinated by learning all these things on how to get control of the workflow of a process in memory and make it make what we want instead of what it has been designed to make. I quickly got addicted to absorbing all the new things and by the end of the course I felt like I would miss these intense days sitting from morning to late evening in the class. Peter really is a great teacher who knew how to challenge us. Apart from all the pain I went through this really brutal crash course, it most importantly was real fun ! I can really highly recommend this course to everyone who really feels in getting into exploit development.
The training was hard and long (3 days of 10+ hours) but it was worth the effort. The trainer (Peter) was able to keep concentration levels up using breaks, subtle humor ;-) and in depth knowledge. The theory was presented in a clear way and the exercises were challenging enough to keep us busy. One of the best trainings I had in 15 years of working in IT.
Impressive/amazing course with great attention to the nitty gritty details. Perfect course material and a great teacher. All in all, a truly unique course and experience.... Math is hard and the CPU never lies, but WinDbg does ;-)... looking for the advanced course :-)
Training reviews posted on third party websites:
- http://www.primalsecurity.net/primalsec-podcast-episode-8/ (Around 00:08:00)
- http://www.securityartwork.es/2014/04/03/corelan/ (Spanish)
- http://www.isecauditors.com/corelan-live-Win32-exploit-development-bootcamp (Spanish)
- http://www.chasethesun.es/?p=796 (Spanish)
- http://exploitability.blogspot.fr/2013/06/corelan-live-jy-etais.html (in French)
- http://www.s3cur1ty.de/review-corelan-live (in German)