Submit your review
The training was awesome, despite non being a completely “noob” in exploit development I choose to take the bootcamp in order to be sure to have the right foundations before moving to the advance course; to my surprise I learned lots of things which are now very clear in my mind. I understood some “obscure” windows internals and why they works in this manner, there is no more space for NOPs now that I really understand what I’m doing.
Peter is not just amazing from a technical point of view, he’s also a really excellent (and funny) trainer who definitely have passion for what he does and that strive for the best. I can’t recommend him enough, just come to the training and see it by yourself. 😊
Sorry Peter I still can't pronounce your last name :)
I can't recommend Peter's training enough , he is simply the best assembly language and exploit development instructor I've ever met.
Simply amazing and I'm looking forward to the advanced course once I rule the ROP chains.
This training is amazing. Peter starts with the foundation of all exploiting: the OS and how it talks to the CPU/memory, and how that is important to exploitation. His way of describing complex concepts in simple drawings is amazing and really makes you understand what you are doing. We wrote exploits for all sorts of stuff, and what seemed like magic has been neatly reduced to comprehensible, understandable steps. Long story short, great training, great material, attend if you can.
I've been to various trainings until now and always left disappointed in the lack of technical depth. Peter is what I call a master of his domain. In bootcamp he teaches you how the OS works, how memory works, and all other inner workings of a computer (relevant to Exploit development), then and only then he goes into exploitation. Be comfortable with Assembly, python and prepare for a hardcore training if you are a beginner.
- an expert in communication
- an expert in exploitation
- an expert in teaching skills
He loves what he does and you can see it clearly. I would give him 10 stars if I could.
As an advice, if you are a beginner in exploitation and want to learn as much as possible, do at least 5-10 simple exploits before coming to the training, the pace is brutal.
Thank you for a great training Peter,
The Corelan Bootcamp is a good start for the craft of exploit writing. Peter is a fantastic teacher with a deep knowledge and fine sense of humour. Peter explains the basics and after three days you should not only know what you are doing, but why you are doing it and why NOPs kill kittens. ;-) I already had some experience in stack buffer overflows before the training, but I learned a ton of new things. I highly recommend this training. Thank you Peter for a wonderful time!
Once you are done with all the basic exploitation tutorials and trainings, you should get this one. The training is amazing, Peter is one of the most knowledgeable people for the subject and it shows from the first minutes. The content is great, organized and has a great learning curve. It builds up until everything is very clear on your head regarding windows heap exploitation. Once the training is done you feel like you are one step away from researching and building your own exploits. All it remains is to dedicate time to do it. You are going to have all the tools and knowledge needed.
The Advanced Exploit Development training is the best training I've ever done so far. Unlike many training about exploit development, this course starts with the fundamentals of memory management on Windows and then dive into exploitation of heap-related vulnerabilities, bypassing modern memory protections. This approach will give you all the knowledge needed to understand how to conduct your proper research on known and future memory features/protections. Mastering heap exploitation is a long journey, and, without hesitation, this course is the best starting point. I highly recommend the Corelan Advanced Exploit Development training.
The Corelan Advanced Exploit Development was an amazing experience. It let you understand in a very detailed way how Heap works on Windows 7 and Windows 10 and how to use some techniques to correctly exploit it. Peter is a very good instructor, He is able to explain everything in a very clear and easy way. Peter also gives to you a "point of view" that you can use in every scenario and every version of Windows. At the end of the course, you will be provided with a lot of exercises. If you want to understand how Windows Heap works, how to exploit it and how to "think in the right way", this course is what you are looking for."
Amazing training ! Peter is an excellent trainer that wins your respect from the very first moment! I learned lots of things which are now very clear in my mind. I strongly recommend this course to anyone who wants to dive into low level concepts ! Excellent quality ! Thank you Peter, for such a powerful training course!
This training was awesome! I did a few security trainings before, but this is definitely my favourite so far! Peter was very very well prepared and had a lot of patience to answer all questions. The training starts gradually with windows 7 and then builds up to windows 10 and latest heap exploitation techniques. Very intensive, even though I had a bit of experience about these topics previously. After the 3rd day was felling quite tired of and day 4 was complete brain meltdown! Loved it!
I was skeptical to learn new things in the bootcamp, I was totally wrong. The way of teaching that Peter use is amazing. There is no place for luck or nopsled, you understand really what you are doing and he share so much tips, tricks that you can't found elsewhere. His approach is always different than all other materials I can found. Even if you think you have the level to took advanced bootcamp, I still recommend to take the first one.
The Corelan Advanced Exploit Development is a great investment and it is certainly very challenging. I learned heaps for heaps by exploiting my brain with huge amount of information.
The Technics/tricks you will learn can be applied in any version of Windows OS even in future editions! The actual challenge begins after the completion of the course homework for months...
I highly recommend this course if you know how to exploit the stack and you looking to explore the wild heap structures and exploit them.
Thank you for conducting such an amazing training on modern windows exploitation, i cant describe the amount of knowledge i gained in those 4 days. I would highly recommend corelan advanced training. The most important thing to take away from the training is you don't get to think about one specific vulnerability but rather a mindset on how to tackle issues on runtime which is worth way more than poping a shell for just one vulnerability. It is not some course that just copies public research/vulns and hands over exploit, rather one will deep dive into heaps and memory management (which by the way is foundation for any exploit on modern windows OS). It is worth every single penny spent !
Peter's ability to explain complex concepts in a simple and pragmatic way is exceptional. His Windows Exploit Development training is of the highest standard and will help newcomers and seasoned security testers alike understand modern memory corruption techniques. I've completed both the Bootcamp and Advanced courses now, along with OSCP and OSCE and I've learned invaluable lessons from each. If you're interested in Windows Exploit Development, ROP and heap exploitation, then you should definitely prioritise Corelan training. It's truly a privilege to take part in. I've learned a tonne, but the real learning comes with the exercises that are included as homework during and after the course.
I completed Peter's recent Bootcamp/Advanced Exploit Development training held in Sydney, 2019. Having worked in the computer security field for many years I wasn't sure how much I was going to get out of the training but I am so glad I decided to attend as these two training courses were without doubt two of the best training experiences I have had in my career. Peter's ability to teach students of different knowledge/skill level is second to none and his humour and enthusiasm make the long days (i.e.9:00 - 10pm) seem to fly by. His depth of knowledge on Windows heap internals is world class and he provides enough training material and exercises to keep you busy for a least a year! I have no hesitation in recommending both courses to people interested in the field, experienced security professionals and anyone else who wants to experience a truly great educator.
Having completed the OSCP, I thought I knew stack overflows pretty well.. until I realised how little I really understood about stack ‘buffer’ overflows and in particular ‘Saved Return Pointer’ overwrite exploits. Peter is an excellent teacher and explains the exploit development process in such depth that makes these complex concepts almost too easy to understand. The knowledge of this course stretches far far far past what was covered in the OSCP in regards to windows exploit development and is definitely an excellent course to take your skills to the next level.
Let me start with a background I have not done a ton of active exploit dev. I was very nervous and excited, at the same time to start something I loved from the start of my InfoSec career. (Not to mention getting ready to be crushed by a tank of Win heap knowledge)
Finally, I brought my body to the training ground, started churning into the vast & deep knowledge Peter has handcrafted in these 4 days. Each day I felt overwhelmed, empowered with teachings and the training enthusiast Peter has in him. Despite my dumbness, I feel so inspired to continue my interest and turn into a passion for exploit development all credit goes to Peter. Now that I know so much that I started spending my nights at win heap stores and for sure years to come I will make it less frustrating :).
To give you guys what felt, I ran myself into exploit motions at the airport layover, on plane & now back home. If you want to eat, drink, sleep with windbg, browser heap, memory leaks, and poop exploits you are in THE RIGHT PLACE.
This course was amazing, Peter set an incredible pace from the very start and didn't let up until the end. I now feel like I know the various Windows Heap internals more intimately that I thought possible and I have the means and materials to take that further. I can now explore everything up to up-to-date 64bit Windows 10 and know that I have the grounding to actually craft exploits on those systems. I can't recommend this course enough, if you're thinking of taking it, do it.
I have no doubt stating that Corelan Advanced has been the best infosec training I had so far.
Peter is an excellent instructor who's able to convey his experience and communicate passion about the topics and give you the tools/primitives to investigate and explore yourself how to deal with exploit development in 2019.
The training homework will keep me busy for the next 6 months/a year for sure, but now I do feel more comfortable and ready exploring and researching modern bug classes.
If you want to dive into modern exploitation, this is for you.
This is a course for engineers who are already experienced in binary exploitation and want to deepen their knowledge by taking a hands on class with one of the best teachers in the subject.
As a instructor Peter (Corelan) is a very experienced person which has written a lot about windows exploitation and explains very well each one of the topics in the class, giving you all the material you need if you want to take you time and study on your own.
The course is well structured, and each one of the topics has a set of exercises so you can practice and understand the underlying concepts on a variety of topics such as windows debugging, memory layouts, ROP and even browser exploitation.
Training reviews posted on third party websites:
- http://www.primalsecurity.net/primalsec-podcast-episode-8/ (Around 00:08:00)
- http://www.securityartwork.es/2014/04/03/corelan/ (Spanish)
- http://www.isecauditors.com/corelan-live-Win32-exploit-development-bootcamp (Spanish)
- http://www.chasethesun.es/?p=796 (Spanish)
- http://exploitability.blogspot.fr/2013/06/corelan-live-jy-etais.html (in French)
- http://www.s3cur1ty.de/review-corelan-live (in German)