First off, I'm a web application and network penetration tester by trade, and most of my experience in exploit writing comes from the Buffer Overflow section of OSCP (Offensive Security Certified Professional), so take what I say with a pinch of salt as I may not be correct in all the technical details.
I recently went for the Corelan Advanced "Exploit Development for Win32 Platform" class in Singapore, conducted by Peter Van Eeckhoutte (corelanc0d3r). From what I understand, the intermediate Corelan Bootcamp class teaches stack-based overflows by using ROP (Return Oriented Programming) to bypass DEP (Data Execution Prevention), whereas the Advanced class teaches heap-based exploitation techniques with a heavy emphasis on using ROP chains in heap sprays.
My main motivation for taking the class is to gain enough knowledge to pass the OSCE (Offensive Security Certified Expert). Although it was the Advanced class, I thought that I had enough background knowledge from OSCP based on the Bootcamp syllabus. But I found out that I was wrong! Once I started to talk to other people who have taken both the Advanced class and OSCE, I realized that the Advanced class covers more "advanced" techniques compared to OSCE.
So, I started to cram before the class on using ROP, hoping that I can at least catch up to the course. In hindsight, most of the tutorials out there show how to use "mona.py" to generate ROP chains, but what was required was to know how to manually fix a broken ROP chain (I should have studied the Corelan tutorial 10 on ROP, but it was way too intimidating with too many details).
The first exercise to gauge the student's skill level makes use of a POC (Proof of Concept) for which "mona.py" will fail to successfully generate a ROP chain, and it will need to be fixed manually. Fixing the ROP chain manually is extremely time-consuming and difficult since changing a ROP gadget changes the existing register values (like playing a Rubik's Cube), especially if you're a newbie like me.
The exercise on the second day involves rebuilding a heap-based exploit (MSxx-YYY), combining heap-spraying, heap positioning, and calculation of offsets to place the ROP chain and shellcode. The heap-spraying and heap positioning are relatively easy as the POC for those were provided, but calculation of the offset was the killer. I tried to manually calculate the correct offset after class (took me hours and without success, so I had to go to class without much sleep). The next day, I learnt that I missed out on a vital step (that was briefly introduced) that completely invalidates hours of my work the day before. I also learnt that I was using the wrong ROP gadget, so I guess I was making my life miserable for nothing.
For the third day, Peter led us through another more complex PoC (MSxx-YYY) but left the completion of the PoC as an exercise for us.
As you can tell by now, I am very impressed by the class. Although I managed to absorb only a small portion of the material, the confidence boosting effort was immense and I now feel more confident about taking OSCE.
Interesting things about the class:
1. Although the class was about 32-bit exploitation, we worked on a default configuration Windows 7 SP1 x64 virtual machine with DEP turned on explicitly, using the default Internet Explorer 8. It's weird, but the default Internet Explorer was the 32-bit version. It turns out that a lot of default applications that we are used to are still 32-bit.
2. The value of the class is where Peter led us through the simulated examples and PoCs, when he drew out the chunks of heap in different positions on a whiteboard (and how they move), and then explained with the help of live examples on the WinDBG debugger (with examples of register values and the contents on various heap memory locations). I know this probably does not make much sense to the reader, but it's quite hard to explain. The difference between reading a single bullet point on a slide and someone explaining the dynamic movement of the memory positions is incredibly huge. It would have been perfect if I could have recorded his explanation on video and reviewed the lessons again later, but recordings are not allowed.
3. There are a lot of exercises provided for homework. Some of them include his personal exploits that Peter made us pinky-swear that we will not share with others.
4. Students also get to access a private forum where Peter said that he will continue to help with the homework, and any other technical queries, but no answers will be provided by Peter.
Although exploit writing is pretty much useless to penetration testers in the South East Asia region, I would gladly recommend the class to anyone who is interested in exploit development. But do take the Bootcamp class first if possible, unless you are already comfortable with writing ROP chains manually. If the Bootcamp class does come to Singapore, I would gladly take the Bootcamp class too.
I enjoyed this course a lot and it opened my mind for the journey towards finding and exploiting browser heap related bugs and not only! One of the most important aspects I found is that the course is focused to create a way of thinking in how to approach finding and exploiting a certain class of bugs relating to the heap. I believe at this moment that Peter's class is the fastest way into opening the path towards this journey and I think it is an excellently designed course. In addition, care ensuring that no student gets left behind throughout the days is at the uppermost level. The examples used for the bug exploitation are perfectly chosen and, not least, the teaching skills and the continuous support impressed me extremely. I would highly recommend this course anytime!
I really enjoyed this training, where Peter explained the material in great detail and in a way that is easy for the students to digest. Although there are some steps that I have not understood, at least it has opened my insights into the science.
Peter (the man on the other side of the rabbit hole) shared with us his years of experience (undocumented research & no google results) in 3 days. Advanced course is extremely worth the investment (luckily my company paid for it). The thought process is the most critical part of the exploit development. Peter is extremely caring for all students to make sure that no students are left behind. It's extremely rare to find the personalities of an expert exploit developer and a teacher combined into one person. And of course he shared with us some of his 'proprietary' materials. Lastly his technical guide comes along with his genius humor. Looking forward to Bootcamp in SG 2019.
Peter managed to exceed my expectations that I had out of this course. I had previously attended the Bootcamp training, with the intention to continue with the Advanced course so as to level-up my skills, but more importantly to improve my thought processes into exploit development. We delved into how heap management works, and leveraging its functionality to exploit bugs mainly in browser software. We explored proof of concepts of Use-After-Free conditions, Memory Leaks, Heap Feng Shui and precise Heap Spraying by performing quite intense, long, and instrumental labs. Personally, the real journey begins after the end of this training, as Peter provided the tools/ ideas/ examples/ thought-process/ inspiration for further research on the exciting path of modern software exploitation. Peter has been a truly inspiring mentor during the course and made everything possible to ensure that the core concepts are understood by the whole class. I am very glad that I had the opportunity to attend the Advanced Course, and I would definitely attend any other future training done by Peter. Many thanks Peter!
I spent a lot of time improving my skills in Win32 exploit development and Peter's blog was an important source of knowledge. However, I did not have knowledge about Win32 Heap and I wanted to know how exactly my skills were. That is the reason why I took the Advanced course.
Peter's training was exactly the kind of training I was hoping to have: a large amount of structured knowledge in many domains. Peter did not just provide theoretical concepts: he also provided many exercises, pushing everyone to do the best. Exercises were clearly not easy, but Peter was not here to give exercises with solutions: he was here to train us to find solutions by ourselves.
The course was long, intense, but above all extremely rewarding.
I really enjoyed this training. It is accessible even if you don't work in IT security (like me). All you need is some basic knowledge in computer and above all a lot of motivation.
Peter can keep people focused for hours and explains complex ideas in a clear and structured way.
This is not a "fire and forget" course, there are plenty of keys to continue and improve yourself after.
I can't wait for the advanced course.
Thanks Peter!
Peter managed to convey complex information in a clear and coherent fashion, which is no small feat. Whilst I already knew the material on paper, the course did help me understand some parts in greater detail, which enabled me to truly grasp the concepts.
Also, trying to be first in the shell race is always fun ;).
I thus highly recommend this training for any and all security researchers out there!
Even though I was initially planning to register only for the Advanced Course (due to already possessing relevant advanced certifications on exploit development), I am so glad that I made the decision to attend the BootCamp course as well. It definitely filled in certain gaps I had (which the other certs did not truly cover), and prepared me mentally for the next step. I enjoyed every minute of the course, but even though it's now over, I feel that this is the start of a new beginning due to the eye-opening towards certain concepts. Peter has been a truly inspiring mentor during the course, who did not hesitate to devote extra hours, without which I personally would need more time to get to the point myself and the class was, and he made a true effort so that we really understand the root cause of what we were doing. I have already registered for the Advanced Course, and looking forward to more exciting times ahead! Thanks a lot Peter.
Not much I can add that has not been said about Peter and this course already. This is a great course if you really want to learn the ropes, or maybe I should say ROP chain :-) Peter has a vast background knowledge and is an excellent teacher. Peter filled the blanks from my OSCP training and added a ton more.
I have been reading the tutorial from corelan's blog ever since I started my own exploration to security in general. So far this is the best training I ever had compared to SANS and some online courses (Offensive Security and ElearnSecurity, which I paid for on my own). From all of the training I had this would be the best!!! I have not seen any trainer use the traditional way of writing things down and let the students explain or participate. It is very interactive so during break you get to discuss and find ways on how to deal or fix the exercise. It is really an eye opener and he will let you think like a researcher. Overall it touches from reversing to exploit development. Again it's not 5 days, it's 3 exciting days with awesome discussions of the latest and the greatest. I highly recommend this training.
I have taken many exploit development courses and certifications in the past, and while CTP/OSCE, PWK/OSCP, and SEC 760/GXPN and others are great, Corelan courses are in a league of their own.
This is the second Corelan course I have taken, the other being Bootcamp, and I can honestly say that it is the best training on exploit development out there. You will probably leave the class with more questions than answers, but that's only because Peter will cover topics that are so cutting-edge that only a handful of people, such as himself, have mastered them.
I guess the best endorsement I can give to this course is this: I plan on attending this same class again next year.
Peter designs a course that not only has you engaged in the moment but thinking how else you can better your skills for the future. The course definitely wasn't easy but gave you just enough information to better yourself wherever you are currently at. Hope to take the course again and any other course Peter plans to offer in the future.
This was a fantastic class and I would highly recommend it to anyone who wants to learn exploit development. The material is very well done and walks you through the basics with progressively less hand holding as the class goes on. Lincoln was our teacher and he was great. He was very approachable and knowledgeable; if a student had an issue with a particular concept, he had no problem explaining things in a new or different way until it clicked. The example applications that we worked on were varied and we were even left with some "take home" work for further studying. The class was so much fun that I honestly was sad for it to come to an end.
Great job Corelan team. I'll see you all soon for that advanced class!
Reading the other testimonials, there's not much else I can add. There is a reason they're all 5 stars.
The amount of knowledge Peter was able to transfer in only 3 days was very impressive. I went into this course having done little binary exploitation, all self-taught, and came out of it feeling like I had a clear path forward for going after big, modern applications. I feel that getting to this level on my own would have been a multi-month endeavour, not to mention the fact that there are a few nuggets that just aren’t publicly available at all :).
Corelan courses have a legendary status in our community, they can even seem almost intimidatingly difficult, which I don’t think was the case. While the pace of the course was fast, and the days were long, the course content, while complex, was presented in such a way that everyone was able to follow along.
One of my favorite things about this course is the fact that there is a large amount of lab material that actually is NOT done during the course! Realistically, modern binary exploitation is a large, complex topic, and to really get it you need to get your hands dirty. Three days is just not enough time to possibly do that. What you do get out of those three days are the tools, knowledge, and a series of exercises to complete in the following weeks that will give you experience to complement the training which would otherwise be impossible in a short period of time. This combined with post-course support really separates the Corelan course from any other information security training I’ve ever done.
Probably the best (public) exploit training on the planet. Why? Just think of these factors: 1. Exploit development is a cryptic art, and 2. Advanced age makes your brain learn selectively (to take in only those things that are meaningful). Hence, you're half the learner you used to be. How can you overcome these hurdles? IF YOU HAVE THE BEST TEACHER! A teacher who walks his talk and knows the topic like the back of his hands (or perchance, his tattooed arms). I encourage anyone who is passionate about exploit development to take this course. You will not regret it! So, yeah, in short, a knowledgeable teacher/mentor/coach makes a BIG difference in tackling a difficult topic. Exploit Development == Corelan.
I took the "Advanced" Corelan class at Derbycon in 2015 and it was a class I won't soon forget. I am still working through the lab materials even though the class was months ago. This isn't one of those other classes that will leave you wishing you were given more information. Peter does a fantastic job of putting together relevant and highly useful information. On top of that he is a fantastic instructor... He knows how to push you without letting you flounder on your own. I would highly recommend this course to anyone who wants to go beyond the typical "exploit dev" classes.
After the Bootcamp in April, enjoying every minute of it, I felt a strong urge to also follow the Advanced training.
I'm so happy. Advanced made me enjoy every minute again.
Course was more than great. Really complex stuff, but Peter is a pro and he knows exactly how to make -you- do the thinking and find out "where to find what" and "look and verify".
Massive amounts of theory and practice, packed into 3 days. Had a blast!
And months of homework :-)
This class was probably the best security class I have ever taken. I took the Corelan Advanced over 9 months ago, but still feel inspired by it. I have recommended it to anyone I meet who wants to get an in depth education on exploit development. Peter did an excellent job of describing complex topics in a way that was (relatively) easy to understand. The course was tough...pretty brutal actually...but I enjoyed every minute of it. The labs were challenging but began to make sense as we worked through them. Can't recommend this enough. Excellent Training...thanks Peter.
Awesome class with a very knowledgeable instructor. Peter does a great job of explaining the material and challenging you so that in the end you really learn a lot from this class. It's a great class even for someone with experience in exploit development. The class is fast paced but still plenty of time to do the labs (10+ hours a day of class time) and learn a lot. Peter is an excellent teacher and explains the concepts very well. Peter's knowledge of the techniques combined with his ability to teach it is what really makes this class worth the money. Highly recommend this class and looking forward to his advanced class in June.
Training reviews posted on third party websites:
- http://www.primalsecurity.net/primalsec-podcast-episode-8/ (Around 00:08:00)
- http://www.securityartwork.es/2014/04/03/corelan/ (Spanish)
- http://www.isecauditors.com/corelan-live-Win32-exploit-development-bootcamp (Spanish)
- http://www.chasethesun.es/?p=796 (Spanish)
- http://exploitability.blogspot.fr/2013/06/corelan-live-jy-etais.html (in French)
- http://www.s3cur1ty.de/review-corelan-live (in German)