Submit your review
I was skeptical to learn new things in the bootcamp, I was totally wrong. The way of teaching that Peter use is amazing. There is no place for luck or nopsled, you understand really what you are doing and he share so much tips, tricks that you can't found elsewhere. His approach is always different than all other materials I can found. Even if you think you have the level to took advanced bootcamp, I still recommend to take the first one.
The Corelan Advanced Exploit Development is a great investment and it is certainly very challenging. I learned heaps for heaps by exploiting my brain with huge amount of information.
The Technics/tricks you will learn can be applied in any version of Windows OS even in future editions! The actual challenge begins after the completion of the course homework for months...
I highly recommend this course if you know how to exploit the stack and you looking to explore the wild heap structures and exploit them.
Thank you for conducting such an amazing training on modern windows exploitation, i cant describe the amount of knowledge i gained in those 4 days. I would highly recommend corelan advanced training. The most important thing to take away from the training is you don't get to think about one specific vulnerability but rather a mindset on how to tackle issues on runtime which is worth way more than poping a shell for just one vulnerability. It is not some course that just copies public research/vulns and hands over exploit, rather one will deep dive into heaps and memory management (which by the way is foundation for any exploit on modern windows OS). It is worth every single penny spent !
Peter's ability to explain complex concepts in a simple and pragmatic way is exceptional. His Windows Exploit Development training is of the highest standard and will help newcomers and seasoned security testers alike understand modern memory corruption techniques. I've completed both the Bootcamp and Advanced courses now, along with OSCP and OSCE and I've learned invaluable lessons from each. If you're interested in Windows Exploit Development, ROP and heap exploitation, then you should definitely prioritise Corelan training. It's truly a privilege to take part in. I've learned a tonne, but the real learning comes with the exercises that are included as homework during and after the course.
I completed Peter's recent Bootcamp/Advanced Exploit Development training held in Sydney, 2019. Having worked in the computer security field for many years I wasn't sure how much I was going to get out of the training but I am so glad I decided to attend as these two training courses were without doubt two of the best training experiences I have had in my career. Peter's ability to teach students of different knowledge/skill level is second to none and his humour and enthusiasm make the long days (i.e.9:00 - 10pm) seem to fly by. His depth of knowledge on Windows heap internals is world class and he provides enough training material and exercises to keep you busy for a least a year! I have no hesitation in recommending both courses to people interested in the field, experienced security professionals and anyone else who wants to experience a truly great educator.
Having completed the OSCP, I thought I knew stack overflows pretty well.. until I realised how little I really understood about stack ‘buffer’ overflows and in particular ‘Saved Return Pointer’ overwrite exploits. Peter is an excellent teacher and explains the exploit development process in such depth that makes these complex concepts almost too easy to understand. The knowledge of this course stretches far far far past what was covered in the OSCP in regards to windows exploit development and is definitely an excellent course to take your skills to the next level.
Let me start with a background I have not done a ton of active exploit dev. I was very nervous and excited, at the same time to start something I loved from the start of my InfoSec career. (Not to mention getting ready to be crushed by a tank of Win heap knowledge)
Finally, I brought my body to the training ground, started churning into the vast & deep knowledge Peter has handcrafted in these 4 days. Each day I felt overwhelmed, empowered with teachings and the training enthusiast Peter has in him. Despite my dumbness, I feel so inspired to continue my interest and turn into a passion for exploit development all credit goes to Peter. Now that I know so much that I started spending my nights at win heap stores and for sure years to come I will make it less frustrating :).
To give you guys what felt, I ran myself into exploit motions at the airport layover, on plane & now back home. If you want to eat, drink, sleep with windbg, browser heap, memory leaks, and poop exploits you are in THE RIGHT PLACE.
This course was amazing, Peter set an incredible pace from the very start and didn't let up until the end. I now feel like I know the various Windows Heap internals more intimately that I thought possible and I have the means and materials to take that further. I can now explore everything up to up-to-date 64bit Windows 10 and know that I have the grounding to actually craft exploits on those systems. I can't recommend this course enough, if you're thinking of taking it, do it.
I have no doubt stating that Corelan Advanced has been the best infosec training I had so far.
Peter is an excellent instructor who's able to convey his experience and communicate passion about the topics and give you the tools/primitives to investigate and explore yourself how to deal with exploit development in 2019.
The training homework will keep me busy for the next 6 months/a year for sure, but now I do feel more comfortable and ready exploring and researching modern bug classes.
If you want to dive into modern exploitation, this is for you.
This is a course for engineers who are already experienced in binary exploitation and want to deepen their knowledge by taking a hands on class with one of the best teachers in the subject.
As a instructor Peter (Corelan) is a very experienced person which has written a lot about windows exploitation and explains very well each one of the topics in the class, giving you all the material you need if you want to take you time and study on your own.
The course is well structured, and each one of the topics has a set of exercises so you can practice and understand the underlying concepts on a variety of topics such as windows debugging, memory layouts, ROP and even browser exploitation.
If you're comfortable with ROP and if you want to take a deep dive into the world of heap exploitation, I can highly recommend this course. Peter is an excellent and inspiring teacher and researcher that's able to explain even the most complex aspects of the heap in a structured manner. He really cares whether his students understand the material in class and he even provides exercises that should last for months after the class has finished.
This is the best hands-on experience you can get and if you're willing to learn, this is for you.
First of all, I would like to thank Peter for a really extraordinary experience, his passion and dedication are a real inspiration for everyone!
I was really looking forward to pushing my knowledge in exploit development to the next level and finally going for the heap, without having any prior experience related to that, in terms of exploit development. The outcome is that I now feel really comfortable in diving into heap exploits and really understanding them.
Took the Corelan Advanced course at Brucon2019. Scrolling trough all the testimonials and knowing the Corelan team's publicly available work, led me to some high expectations when I enrolled for the class. I'm really happy to say that the training lived up and even exceeded them in some aspects.
Peter is really great at explaining basically everything, the course structure and materials are very well organised and they are facilitating a consistent learning curve. The in-depth level of analysis and the granularity in understanding the course content are key takeaways. I would describe the training as a combined practical-theoretical experience with a focus on deep understanding for Windows Internals, exploit development and Windows heap concepts. The whole training helps you in building a strong knowledge base in which you can later invest your time into. Plus, the received support after the training session, all the "homeworks" :) and the mindset obtained for looking at things as an exploit developer perspective are priceless.
I hope Peter will come up with other trainings in the future as well, really looking forward to it!
Thanks again Peter for all the knowledge and for truly inspiring me!
Highly recommend it, well worth the investment!
This course was by far one of the most challenging courses I have taken so far, but Corelan does an excellent job of removing the fear of these more advanced topics and won't leave you in the dark during and after the course. I've been utilizing Corelans free research since I got into Exploit Development and when I discovered he offered this course I knew the moment I had the opportunity I had to take it.
I had expectations before going in and all where exceeded. Then again what more can you expect from the man who invented Mona.py and continues to publish research? Don't think twice!
The Corelan Advanced Exploit Development (CAED) is one of the most challenging and courses I have taken. The depth of information provides a nice baseline for understanding the underlying technologies required to leverage the techniques for successful exploitation. The amount of information covered in the course could fill a semester-long class at a graduate-level CompSci program. Peter did a great job of organizing and delivering this information. The course will give you the knowledge, resource, and examples to further expound your knowledge in Advanced Exploit development. My favorite part of the course is the 6months+ worth of homework along with all the resources like the forums. Well worth the investment!
Peter is one of the finest and most attentive trainers I've ever met. If you're looking for a refresher or solid introduction to Win32 exploit development, Corelan Bootcamp is an excellent choice. Peter will break you of any bad exploit dev habits you have. ;)
I completed my OSCP and was looking for the next step in my education. The quality of the class easily exceeded my expectations.
The material might be extremely dense for some, but I felt that Peter does a great job of breaking it down. Based on what I observed from other students, I believe it's helpful to have some Python experience since a lot of the lab material required creating Python scripts. Creating the Python scripts on my own helped solidify my understanding of the material. I look forward to take the advanced class. Keep up the good work, Peter!
Peter is a really knowleadable and enthusiastic teacher. The information you are gonna get in this training will save you tons of personal research on Windows internals.
The quality of the material and teaching is absolutely stellar: heap management on both Win7 and Win10, in-depth analysis of specific vulnerabilities to consolidate concepts, tons (literally tons) of PoCs to hint you during your research after the training. I feel this course gave me material for years to come, and Peter will give you all the necessary tools to continue on after the training.
On top of this all I've really enjoyed Peter as a person: dedicated and willing to support his students all the way, during the classes and afterwards, he is a true legend. What you even get after the course is an incredible amount of guidance and support from alumni and Peter himself!
I really would not know what to ask more for!
I had a blast when attending the Corelan Advanced training. I learned heaps about heap management in Windows and exploitation. Furthermore, during the training a lot of concepts became a part of my reversing / exploitation skills such as: vtables, pointers, IAT and ASLR. Although I was familiar with most of these concepts, during the training they became more clear to me, since they were building blocks for the heap exploitation course. The training is provided at a fast pace and Peter is able to create a great environment for learning. I did not only learn how the Windows heap works, but was able to use the learned concepts to understand the basics about the Linux heap manager. Within a week of the training, I solved my first Linux heap CTF challenge, without any previous knowledge of how the Linux heap worked :)
First of all I would like to thank Peter, for the incredibly cool 3 days in Paris. Thank you very much for your patience in answering questions and the opportunity to share your extraordinary knowledge with us!
After participating in the bootcamp in April of this year in Belgium (BruCON Spring 2019), participation in the advanced course was only the logical consequence.
What makes the course so special, is the methodical and logical structure based on Peter's practical experience.
Why you should not miss BOTH courses and participate? Very easily:
- Theoretical bases, their implementations as well as common "halftruths" or "mistakes" are explained in a practice-oriented way.
- No matter what level of knowledge each participant brings, Peter answers every question and never tires of explaining everything in an understandable way.
- Extensive training material, with a huge amount of valuable information (for offense and defense).
- Many private solutions which never been published by Peter.
Both courses will be definitely be part of our company training program as a "MUST" for anyone.
Conclusion: "Learn from the best, or die like the rest"
Peter, you are definitely one of the best!
I have just finished the Corelan advanced training done by Peter Van Eeckhoutte. What can I say, best training I have attended so far. Peter is dedicated, passionate and the way he teaches you is great. There is no such way of learning something than trying. Nothing is given during the training, you will fail many times but once you achieve something you will know why it worked and how it works behind the scene. You don't just learn how to launch a bunch of tools. Painful experiences are always better remembered ;)
Training reviews posted on third party websites:
- http://www.primalsecurity.net/primalsec-podcast-episode-8/ (Around 00:08:00)
- http://www.securityartwork.es/2014/04/03/corelan/ (Spanish)
- http://www.isecauditors.com/corelan-live-Win32-exploit-development-bootcamp (Spanish)
- http://www.chasethesun.es/?p=796 (Spanish)
- http://exploitability.blogspot.fr/2013/06/corelan-live-jy-etais.html (in French)
- http://www.s3cur1ty.de/review-corelan-live (in German)