So I have been interested in learning exploit development for some time, but never had the motivation to start from scratch on my own by reading blog posts on the Internet. This training is exactly what I needed to, in 4 very efficient days, get me started on what seemed important to me for this discipline:
- getting some knowledge about modern operating systems and applications that is relevant for exploit development
- understanding various protection mechanisms, why they have been adopted over the years and how to bypass them
- learning to use the right tools to debug programs and extract useful information for exploits
- practicing exploit development by manually going through the necessary steps to write an exploit
- being aware of the multiple options that could be used to solve given problems
- having information about what is considered good practice as well as good tips for exploit development
This training is very well put together: It is clear, to the point, has a nice flow, has a good balance between theory and practice, ultimately allowing you to get a good overview of the subject as well as understanding the important details.
The course just ended, now I need to put things into (more) practice to consolidate everything.
In short, this course is fantastic! It's a 4-day bootcamp style course, fairly priced, covering Win32 exploit development on Windows 10. Some topics include: stack buffer overflows, SEH overwrites, bad character analysis and encoders, basic shellcoding, egghunters, writing your own Metasploit exploit modules, ASLR partial overwrite bypass, and wrapping it up with an almost full day of ROP for DEP bypass. After some initial background material on hardware, OS and memory management, from then on you are heads-down and hands-on-keyboard in Immunity debugger, mona, and Python all day every day. There's also some Ruby in the Metasploit section where you learn to write your own custom Metasploit modules for several of the exploits you just learned. The class provided lots of extra time, often starting early and ending late, giving students at every level the opportunity to get the most out of the course. The quality of the labs was excellent, not giving away too much so you can learn on your own, but providing hints and solutions if you get stuck. There are also several supplemental "take home" exploit labs in the material you could work on outside of class or after the training ends to continue to sharpen your skills. Another excellent value add is that after the course ends, there's an available support forum and Slack channel that all students can join for ongoing help in continuing to develop skills. Whether you're just starting out in exploit dev or have covered this material before and would like a great in-depth refresher, this is the class for you. Peter has many years of experience writing exploits and is the author of mona, so during his step by step walkthroughs you will definitely pick up a lot of his tricks along the way that will help you save time when writing your own exploits. 
Although he is very knowledgeable, he is also very approachable, humble, patient and is excellent at teaching very complex topics in a way that students at all levels can understand. If you've always wanted to learn how to write exploits, modify exploits, and understand how they work, but felt a little intimidated signing up for such a technical class like this, this is my advice: If you have a passion to learn exploit dev and are willing to put in the time, devote yourself to completing the labs even if it means staying late in class or taking the work back with you to the hotel room to work on it at night, then I can't think of a better instructor and a better course to kick that off than this one. Personally, I can’t wait to sign up for the Advanced Class which is the one that follows this one and looking forward to whatever newer classes may be released by Corelan Training in the future.
First I would like to start by thanking Peter for his patience and dedication to answer every question in great detail. What separates Peter from other instructors is his methodological and logical approach in delivering the course materials. Hands down, this is the best security training I attended.
Every step is explained with backing theory and clear logical reasons on why we were doing what we were doing to create the exploits. There were no vague answers.
The way Peter puts ideas and concepts together is an inspiration. You may not master every topic discussed right away (as you have to practice, practice and practice) but the main take away is that you have to apply yourself and work hard.
I specifically liked the exercises as they were well-thought out. You will see yourself grasping ideas as you do the exercises yourself (with little help along the way from Peter) which I liked because you will earn knowledge the hard and the right way.
Thank you for a great learning opportunity. What a great person to be around.
I took the Bootcamp training in March 2019 and I was impressed by how Peter explained highly complex topics with ease, patience, and enthusiasm. No matter what's your level of experience in debugging/exploitation, you will learn a lot! 0-day exploitation will become much easier to you once you know the foundations Peter teaches.
As far as I know, there are no better (or even comparable) courses than the ones offered by Corelan's, which deeply explain exploitation techniques. Hey! Don't you know that Peter is the developer of the **popular** exploitation module: mona.py! So, you're getting your knowledge right from the mouth of a guy who spent all of his life developing and researching this science!
Once I practice and master the Bootcamp's materials/exercises, I will DEFINITELY attend the Advanced training.
Thanks, Peter again for the enthusiasm we got in the class! Looking forward to your Advanced training.
One of the most gruelling yet beneficial training courses that I have ever attended in my entire ofsec career! This course is definitely a good start for those who really want to get well acquainted with the basics of exploit development. On top of that, Peter is such an amazing instructor in terms of delivering his content and sharing with us some tips and tricks when facing problems during the lab exercises. I would personally recommend his training to anyone who wants to start off basic exploit development.
The training was very consequent and well edited. The harmony of theorems and exercises and the details of the explanations tells about a lot of experience and care of the profession. Also, Peter is very friendly and helpful. This is The Place where you can get real knowledge and mindset for your own research.
Thank you for the training, Peter!
Loads of excellent reviews. Mine would not be different. Peter has a very rare talent to break/research the stuff and even more rare talent to be a great teacher. He can explain very complicated things in a clear way and guide you through more complex situations. The aim of this course is not to show tips and tricks, but build fundamental knowledge how to attack heap. Loads of exercises will give you a chance to master exploit dev skills. I also enjoyed his insights and thoughts about research, ways to upskill and other things.
Thank you Peter for doing a great job! All the best!
Peter is among the best exploit developers and researchers there are. The knowledge you will learn in this class will save you months of independent effort in addition to putting you at a distinct advantage when performing your own research.
It is extremely difficult to get this knowledge in a form which is well structured and professionally written, making this course an absolute gem. After this course, you will be able to, at the very least, understand even the most seemingly perplexing binary exploitation write ups often published by the likes of ZDI. In the best case, you'll be able to apply this knowledge to broaden or kick-start your research aspirations. You'll also come away with notes and material that are invaluable - this information will not appear after a few quick google searches.
Thank you for the training, Peter. Can't say enough good things about it.
Just got back from the training and still trying to process everything. I will be busy for months working through what Peter has provided us with. If you are thinking about attending the training, but you are unsure because it "only" deals with Win32, IE on Win7, let me tell you one thing: It doesn't matter. This has nothing to do with "before you run, you have to learn how to walk". In this training, Peter explains the process of developing exploits on modern systems. The course aims to teach you how to think and how the heap works. It does not matter if you don't write exploits for Edge on x64, trust me. In order to do that, you have to put in the work first and understand how the low level mechanisms and data structures work and at the end of the day, most of the content you learn will (with modifications) also apply to Win10. It was one of the best technical trainings I was ever able to attend. Thanks Peter!
First off, I'm a web application and network penetration tester by trade, and most of my experience in exploit writing comes from the Buffer Overflow section of OSCP (Offensive Security Certified Professional), so take what I say with a pinch of salt as I may not be correct in all the technical details.
I recently went for the Corelan Advanced "Exploit Development for Win32 Platform" class in Singapore, conducted by Peter Van Eeckhoutte (corelanc0d3r). From what I understand, the intermediate Corelan Bootcamp class teaches stack-based overflows by using ROP (Return Oriented Programming) to bypass DEP (Data Execution Prevention), whereas the Advanced class teaches heap-based exploitation techniques with a heavy emphasis on using ROP chains in heap sprays.
My main motivation for taking the class is to gain enough knowledge to pass the OSCE (Offensive Security Certified Expert). Although it was the Advanced class, I thought that I have enough background knowledge from OSCP based on the Bootcamp syllabus. But I found out that I was wrong! Once I started to talk to other people who have taken both the Advanced class and OSCE, I realized that the Advanced class covers more "advanced" techniques compared to OSCE.
So, I started to cram before the class on using ROP, hoping that I can at least catch up to the course. In hindsight, most of the tutorials out there show how to use "mona.py" to generate ROP chains, but what was required was to know how to manually fix a broken ROP chain (I should have studied the Corelan tutorial 10 on ROP, but it was way too intimidating with too much detail).
The first exercise to gauge the student's skill level makes use of a POC (Proof of Concept) that "mona.py" will fail to successfully generate a ROP chain and will need to be fixed manually. Fixing the ROP chain manually is extremely time-consuming and difficult since changing a ROP gadget changes the existing register values (like playing a Rubik's Cube), especially if you're a newbie like me.
The exercise on the second day involves rebuilding a heap-based exploit (MSxx-YYY), combining heap-spraying, heap positioning, and calculation of offsets to place the ROP chain and shellcode. The heap-spraying and heap positioning are relatively easy as the POC for those were provided, but calculation of the offset was the killer. I tried to manually calculate the correct offset after class (took me hours and without success, so I had to go to class without much sleep). The next day, I learnt that I missed out on a vital step (that was briefly introduced) that completely invalidates hours of my work the day before. I also learnt that I was using the wrong ROP gadget, so I guess I was making my life miserable for nothing.
For the third day, Peter led us through another more complex PoC (MSxx-YYY) but left the completion of the PoC as an exercise for us.
As you can tell by now, I am very impressed by the class. Although I managed to absorb only a small portion of the material, the confidence boosting effort was immense and I now feel more confident about taking OSCE.
Interesting things about the class:
1. Although the class was about 32-bit exploitation, we worked on a default configuration Windows 7 SP1 x64 virtual machine with DEP turned on explicitly, using the default Internet Explorer 8. It's weird, but the default Internet Explorer was the 32-bit version. It turns out that a lot of default applications that we are used to are still 32-bit.
2. The value of the class is where Peter led us through the simulated examples and PoCs, when he drew out the chunks of heap in different positions on a whiteboard (and how they move), and then explained with the help of live examples on the WinDBG debugger (with examples of register values and the contents on various heap memory locations). I know this probably does not make much sense to the reader, but it’s quite hard to explain. The difference between reading a single bullet point on a slide and someone explaining the dynamic movement of the memory positions is incredibly huge. It would have been perfect if I could have recorded his explanation on video and review the lessons again later, but recordings are not allowed.
3. There are a lot of exercises provided for homework. Some of them include his personal exploits that Peter made us pinky-swear that we will not share with others.
4. Students also get to access a private forum where Peter said that he will continue to help with the homework, and any other technical queries, but no answers will be provided by Peter.
Although exploit writing is pretty much useless to penetration testers in the South East Asia region, I would gladly recommend the class to anyone who is interested in exploit development. But do take the Bootcamp class first if possible, unless you are already comfortable with writing ROP chains manually. If the Bootcamp class does come to Singapore, I would gladly take the Bootcamp class too.
I enjoyed this course a lot and it opened my mind for the journey towards finding and exploiting browser heap related bugs and not only! One of the most important aspects I found is that the course is focused to create a way of thinking in how to approach finding and exploiting a certain class of bugs relating to the heap. I believe at this moment, that Peter's class is the fastest way into opening the path towards this journey and I think it is an excellently designed course. In addition, care ensuring that no student gets left behind throughout the days is at the uppermost level. The examples used for the bug exploitation are perfectly chosen and not last the teaching skills and the continuous support impressed me extremely. I would highly recommend this course anytime!
I really enjoyed this training, where Peter explained material for the material in great detail and the easy way to digest by the students. Although there are some steps that I have not understood but at least it has opened my insights into the science.
Peter (the man on the other side of the rabbit hole) shared with us his years of experience (undocumented research & no google results) in 3 days. Advanced course is extremely worth the investment (luckily my company paid for it). The thought process is the most critical part of the exploit development. Peter is extremely caring for all students to make sure that no students are left behind. It's extremely rare to find the personalities of an expert exploit developer and a teacher combined into one person. And of course he shared with us some of his 'proprietary' materials. Lastly his technical guide comes along with his genius humor. Looking forward to Bootcamp in SG 2019.
Peter managed to exceed my expectations that I had out of this course. I had previously attended the Bootcamp training, with the intention to continue with the Advanced course so as to level-up my skills, but more importantly to improve my thought processes into exploit development. We delved into how heap management works, and leveraging its functionality to exploit bugs mainly in browser software. We explored proof of concepts of Use-After-Free conditions, Memory Leaks, Heap Feng Shui and precise Heap Spraying by performing quite intense, long, and instrumental labs. Personally, the real journey begins after the end of this training, as Peter provided the tools/ ideas/ examples/ thought-process/ inspiration for further research on the exciting path of modern software exploitation. Peter has been a truly inspiring mentor during the course and made everything possible to ensure that the core concepts are understood by the whole class. I am very glad that I had the opportunity to attend the Advanced Course, and I would definitely attend any other future training done by Peter. Many thanks Peter!
I spent a lot of time improving my skills in Win32 exploit development and Peter's blog was an important source of knowledge. However, I did not have knowledge about Win32 Heap and I wanted to know how exactly my skills were. That is the reason why I took the Advanced course.
Peter's training was exactly the kind of training I was hoping to have: a large amount of structured knowledge in many domains. Peter did not just provide theoretical concepts: he also provided many exercises, pushing everyone to do the best. Exercises were clearly not easy, but Peter was not here to give exercises with solutions: he was here to train us to find solutions by ourselves.
The course was long, intense, but above all extremely rewarding.
I really enjoyed this training. It is accessible even if you don't work in IT security (like me). All you need is some basic knowledge in computer and above all a lot of motivation.
Peter can keep people focused for hours and explains complex ideas in a clear and structured way.
This is not a "fire and forget" course, there are plenty of keys to continue and improve yourself after.
I can't wait for the advanced course.
Thanks Peter!
Peter managed to convey complex information in a clear and coherent fashion, which is no small feat. Whilst I already knew the material on paper, the course did help me understand some parts in greater detail, which enabled me to truly grasp the concepts.
Also, trying to be first in the shell race is always fun ;).
I thus highly recommend this training for any and all security researchers out there!
Even though I was initially planning to register only for the Advanced Course (due to already possessing relevant advanced certifications on exploit development), I am so glad that I made the decision to attend the BootCamp course as well. It definitely filled in certain gaps I had (which the other certs did not truly cover), and prepared me mentally for the next step. I enjoyed every minute of the course, but even though it's now over, I feel that this is the start of a new beginning due to the eye-opening towards certain concepts. Peter has been a truly inspiring mentor during the course, who did not hesitate to devote extra hours, without which I personally would need more time to get to the point myself and the class was, and he made a true effort so that we really understand the root cause of what we were doing. I have already registered for the Advanced Course, and looking forward to more exciting times ahead! Thanks a lot Peter.
Not much I can add that has not been said about Peter and this course already. This is a great course if you really want to learn the ropes, or maybe I should say ROP chain :-) Peter has a vast background knowledge and is an excellent teacher. Peter filled the blanks from my OSCP training and added a ton more.
I have been reading the tutorial from corelan's blog ever since I started my own exploration to security in general. So far this is the best training I ever had compared to SANS and some online courses (Offensive Security and ElearnSecurity, which I paid on my own). From all of the training I had this would be the best!!! I have not seen any trainer use the traditional way of writing things down and let the students explain or participate. It is very interactive so during break you get to discuss and find ways on how to deal or fix the exercise. It is really an eye opener and he will let you think like a researcher. Overall it touches from reversing to exploit development. Again it's not 5 days, it's 3 exciting days with awesome discussions of the latest and the greatest. I highly recommend this training.
Training reviews posted on third party websites:
- http://www.primalsecurity.net/primalsec-podcast-episode-8/ (Around 00:08:00)
- http://www.securityartwork.es/2014/04/03/corelan/ (Spanish)
- http://www.isecauditors.com/corelan-live-Win32-exploit-development-bootcamp (Spanish)
- http://www.chasethesun.es/?p=796 (Spanish)
- http://exploitability.blogspot.fr/2013/06/corelan-live-jy-etais.html (in French)
- http://www.s3cur1ty.de/review-corelan-live (in German)