Submit your review
The training was very consequent and well edited. The harmony of theorems and exercises and the details of the explanations tells about a lot of experience and care of the profession. Also, Peter is very friendly and helpful. This is The Place where you can get real knowledge and mindset for your own research.
Thank you for the training, Peter!
Loads of excellent reviews. Mine would not be different. Peter has a very rare talent to break/research the stuff and even more rare talent to be a great teacher. He can explain very complicated things in a clear way and guide you through more complex situations. The aim of this course is not to show tips and tricks, but build fundamental knowledge how to attack heap. Loads of exercises will give you a chance to master exploit dev skills. I also enjoyed his insights and thoughts about research, ways to upskill and other things.
Thank you Peter for doing great job! All the best!
Peter is among the best exploit developers and researchers there are. The knowledge you will learn in this class will save you months of independent effort in addition to putting you at a distinct advantage when performing your own research.
It is extremely difficult to get this knowledge in a form which is well structured and professionally written, making this course an absolute gem. After this course, you will be able to, at the very least, understand even the most seemingly perplexing binary exploitation write ups often published by the likes of ZDI. In the best case, you'll be able to apply this knowledge to broaden or kick-start your research aspirations. You'll also come away with notes and material that are invaluable - this information will not appear after a few quick google searches.
Thank you for the training, Peter. Can't say enough good things about it.
Just got back from the training and still trying to process everything. I will be busy for months working through what Peter has provided us with. If you are thinking about attending the training, but you are unsure because it "only" deals with Win32, IE on Win7, let me tell you one thing: It doesn't matter. This has nothing to do with "before you run, you have to learn how to walk". In this training, Peter explains the process of developing exploits on modern systems. The course aims to teach you how to think and how the heap works. It does not matter if you don't write exploits for Edge on x64, trust me. In order to do that, you have to put in the work first and understand how the low level mechanisms and data structures work and at the end of the day, most of the content you learn will (with modifications) also apply to Win10. It was one of the best technical trainings I was ever able to attend. Thanks Peter!
First off, I'm a web application and network penetration tester by trade, and most of my experience in exploit writing comes from the Buffer Overflow section of OSCP (Offensive Security Certified Professional), so take what I say with a pinch of salt as I may not be correct in all the technical details.I recently went for the Corelan Advanced "Exploit Development for Win32 Platform" class in Singapore, conducted by Peter Van Eeckhoutte (corelanc0d3r). From what I understand, the intermediate Corelan Bootcamp class teaches stack-based overflows by using ROP (Return Oriented Programming) to bypass DEP (Data Execution Prevention), whereas the Advanced class teaches heap-based exploitation techniques with a heavy emphasis on using ROP chains in heap sprays.My main motivation for taking the class is to gain enough knowledge to pass the OSCE (Offensive Security Certified Expert). Although it was the Advanced class, I thought that I have enough background knowledge from OSCP based on the Bootcamp syllabus. But I found out that I was wrong! Once I started to talk to other people who have taken both the Advanced class and OSCE, I realized that the Advanced class covers more "advanced" techniques compared to OSCE.So, I started to cram before the class on using ROP, hoping that I can at least catch up to the course. On hindsight, most of the tutorials out there shows how to use "mona.py" to generate ROP chains, but what was required was to know how to manually fix a broken ROP chain (I should have studied the Corelan tutorial 10 on ROP, but it was way too intimidating with too much details).The first exercise to gauge the student's skill level makes use of an POC (Proof of Concept) that "mona.py" will fail to successfully generate a ROP chain and will need to be fixed manually. Fixing the ROP chain manually is extremely time-consuming and difficult since changing a ROP gadget changes the existing register values (like playing a Rubik's Cube), especially if you're a newbie like me.The exercise on the second day involves rebuilding a heap-based exploit (MSxx-YYY), combining heap-spraying, heap positioning, and calculation of offsets to place the ROP chain and shellcode. The heap-spraying and heap positioning are relatively easy as the POC for those were provided, but calculation of the offset was the killer. I tried to manually calculate the correct offset after class (took me hours and without success, so I had to go to class without much sleep). The next day, I learnt that I missed out on a vital step (that was briefly introduced) that completely invalidates hours of my work the day before. I also learnt that I was using the wrong ROP gadget, so I guess I was making my life miserable for nothing.For the third day, Peter led us though another more complex PoC (MSxx-YYY) but left the completion of the PoC as an exercise for us.As you can tell by now, I am very impressed by the class. Although I only managed to absorb only a small portion of the material, the confidence boosting effort was immense and I now feel more confident about taking OSCE.Interesting things about the class:1. Although the class was about 32-bit exploitation, we worked on a default configuration Windows 7 SP1 x64 virtual machine with DEP turned on explicitly, using the default Internet Explorer 8. It's weird, but the default Internet Explorer was the 32-bit version. It turns out that a lot of default applications that we are used to are still 32-bit.2. The value of the class is where Peter lead us through the simulated examples and PoCs, when he drew out the chunks of heap in different positions on a whiteboard (and how they move), and then explain with the help of live examples on the WinDBG debugger (with examples of register values and the contents on various heap memory locations). I know this probably does not make much sense to the reader, but it’s quite hard to explain. The difference between reading a single bullet point on a slide and someone explaining the dynamic movement of the memory positions is incredibly huge. It would have been perfect if I could have recorded his explanation on video and review the lessons again later, but recordings are not allowed.3. There are a lot of exercises provided for homework. Some of them include his personally exploits that Peter made us pinky-swear that we will not share with others.4. Students also get to access a private forum where Peter said that he will continue to help with the homework, and any other technical queries, but no answers will be provided by Peter.Although exploit writing is pretty much useless to penetration testers in the South East Asia region, I would gladly recommend the class to anyone who is interested in exploit development. But do take the Bootcamp class first if possible, unless you are already comfortable with writing ROP chains manually. If the Bootcamp class does come to Singapore, I would gladly take the Bootcamp class too.
I enjoyed this course a lot and and it opened my mind for the journey towards finding and exploiting browser heap related bugs and not only! One of the most important aspects I found; is that the course is focused to create a way of thinking in how to approach finding and exploiting a certain class of bugs relating to the heap. I believe at this moment, that Peter's class is the fastest way into opening the path towards this journey and I think it is an excellent designed course. In addition, care ensuring that no student gets left behind throughout the days is at the uppermost level, The examples used for the bug exploitation are perfectly chosen and not last the teaching skills and the continuous support impressed me extremely. I would highly recommend this course anytime!
I really enjoyed this training, where peter explained material for the material in great detail and the easy way to digest by the students. although there are some steps that I have not understood but at least it has opened my insights into the science
Peter (the man on the other side of the rabbit hole) shared with us his years of experience (undocumented research & no google results) in 3 days. Advanced course is extremely worth the investment (luckily my company paid for it). The thought process is the most critical part of the exploit development. Peter is extremely caring for all students to make sure that no students are left behind. Its extremely rare to find the personalities of an expert exploit developer and a teacher combine into one person. And of course he shared with us some of his 'proprietary' materials. Lastly his technical guide comes along with his genius humor. Looking forward to Bootcamp in SG 2019.
Peter managed to exceed my expectations that I had out of this course. I had previously attended the Bootcamp training, with the intention to continue with the Advanced course so as to level-up my skills, but more importantly to improve my thought processes into exploit development. We delved into how heap management works, and leveraging its functionality to exploit bugs mainly in browser software. We explored proof of concepts of Use-After-Free conditions, Memory Leaks, Heap Feng Shui and precise Heap Spraying by performing quite intense, long, and instrumental labs. Personally, the real journey begins after the end of this training, as Peter provided the tools/ ideas/ examples/ thought-process/ inspiration for further research on the exciting path of modern software exploitation. Peter has been a truly inspiring mentor during the course and made everything possible to ensure that the core concepts are understood by the whole class. I am very glad that I had the opportunity to attend the Advanced Course, and I would definitely attend any other future training done by Peter. Many thanks Peter!
I spent a lot of time improving my skills in Win32 exploit development and Peter's blog was an important source of knowledge. However, I did not have knowledge about Win32 Heap and I wanted to know how exactly my skills were. That is the reason why I took the Advanced course.
Peter's training was exactly the kind of training I was hoping to have: a large amount of structured knowledge in many domains. Peter did not just provide theoretical concepts: he also provided many exercises, pushing everyone to do the best. Exercises were clearly not easy, but Peter was not here to give exercises with solutions: he was here to train us to find solutions by ourselves.
The course was long, intense, but above all extremely rewarding.
I really enjoyed this training. It is accessible even if you don't work in IT security (like me). All you need is some basic knowledge in computer and above all a lot of motivation.
Peter can keep people focused for hours and explains complex ideas in a clear and structured way.
This is not a "fire and forget" course, there are plenty of keys to continue and improve yourself after.
I can't wait for the advanced course.
Thanks Peter !
Peter managed to convey complex information in a clear and coherent fashion, which is no small feat. Whilst I already new the material on paper, the course did help me understand some parts in greater detail, which enabled me to truly grasp the concepts.
Also, trying to be first in the shell race is always fun ;).
I thus highly recommend this training for any and all security researchers out there!
Even though I was initially planning to register only for the Advanced Course (due to already possessing relevant advanced certifications on exploit development), I am so glad that I made the decision to attend the BootCamp course as well. It definitely filled in certain gaps I had (which the other certs did not truly cover), and prepared me mentally for the next step. I enjoyed every minute of the course, but even though it's now over, I feel that this is the start of a new beginning due to the eye-opening towards certain concepts. Peter has been a truly inspiring mentor during the course, who did not hesitate to devote extra hours, without which I personally would need more time to get to the point myself and the class was, and he made a true effort so that we really understand the root cause of what we were doing. I have already registered for the Advanced Course, and looking forward to more exciting times ahead! Thanks a lot Peter.
Not much I can add that has not been said about Peter and this course already. This is a great course if you really want to learn the ropes, or maybe I should say ROP chain :-) Peter has a vast background knowledge and is an excellent teacher. Peter filled the blanks from my OSCP training and added a ton more.
I have been reading the tutorial from corelan's blog ever since I started my own exploration to security in general. So far this is the best training I ever had compared to SANS and some online courses (Offensive Security and ElearnSecurity, which I paid on my own. From all of the training I had this would be the best!!! I have not seen any trainer use the traditional way of writing things down and let the students explain or participate. It is very interactive so during break you get to discuss and find ways on how to deal or fix the exercise. It is really an eye opener and he will let you think like a researcher. Over all it touches from reversing to exploit development. Again its not 5 days its 3 exciting days with awesome discussions of the latest and the greatest. I highly recommend this training.
I have taken many exploit development courses and certifications in the past, and while CTP/OSCE, PWK/OSCP, and SEC 760/GXPN and others are great, Corelan courses are on a league of their own.
This is the second Corelan course I have taken, the other being Bootcamp, and I can honestly say that it is the best training on exploit development out there. You will probably leave the class with more questions than answers, but that's only because Peter will cover topics that are so cutting-edge that only a handful of people, such as himself, have mastered them.
I guess the best endorsement I can give to this course is this: I plan on attending this same class again next year.
Peter designs a course that not only has you engaged in the moment but thinking how else you can better your skills for the future. The course definitely wasn't easy but gave you just enough information to better yourself wherever you are currently at. Hope to take the course again and any other course Peter plans to offer in the future.
This was a fantastic class and I would highly recommend it to anyone who wants to learn exploit development. The material is very well done and walks you through the basics with progressively less hand holding as the class goes on. Lincoln was our teacher and he was great. He was very approachable and knowledgable, if a student had an issue with a particular concept, he had no problem explaining things in a new or different way until it clicked. The example applications that we worked on were varied and we were even left with some "take home" work for further studying. The class was so much fun that I honestly was sad for it to come to an end.
Great job Corelan team. I'll see you all so for that advanced class!
Reading the other testimonials, there's not much else I can add. There is a reason they're all 5 stars.
The amount of knowledge Peter was able to transfer in only 3 days was very impressive. I went into this course having done little binary exploitation, all self-taught, and came out of it feeling like I had a clear path forward for going after big, modern applications. I feel that getting to this level on my own would have been a multi-month endeavour, not to mention the fact that there are a few nuggets that just aren’t publicly available at all :).
Corelan courses have a legendary status in our community, they can even seem almost intimidatingly difficult, which I don’t think was the case. While the pace of the course was fast, and the days were long, the course content, while complex, was presented in such a way that everyone was able to follow along.
One of my favorite things about this course is the fact that there is a large amount of lab material that actually is NOT done during the course! Realistically, modern binary exploitation is a large, complex topic, and to really get it you need to get your hands dirty. Three days is just not enough time to possibly do that. What you do get out of those three days are the tools, knowledge, and a series of exercises to complete in the following weeks that will give you experience to complement the training which would otherwise be impossible in a short period of time. This combined with post-course support really separates the Corelan course from any other information security training I’ve ever done.
Probably the best (public) exploit training in the planet. Why? Just think of these factors: 1. Exploit development is a cryptic art, and 2. Advanced age makes your brain learn selectively (to take in only those things that are meaningful). Hence, you're half the learner you used to be. How can you overcome these hurdles? IF YOU HAVE THE BEST TEACHER! A teacher who walks his talk and knows the topic like the back of his hands (or perchance, his tattooed arms). I encourage anyone who is passionate about exploit development to take this course. You will not regret it! So, yeah, in short, a knowledgeable teacher/mentor/coach makes a BIG difference in tackling a difficult topic. Exploit Development == Corelan.
Training reviews posted on third party websites:
- http://www.primalsecurity.net/primalsec-podcast-episode-8/ (Around 00:08:00)
- http://www.securityartwork.es/2014/04/03/corelan/ (Spanish)
- http://www.isecauditors.com/corelan-live-Win32-exploit-development-bootcamp (Spanish)
- http://www.chasethesun.es/?p=796 (Spanish)
- http://exploitability.blogspot.fr/2013/06/corelan-live-jy-etais.html (in French)
- http://www.s3cur1ty.de/review-corelan-live (in German)