I had the dream for years to start learning binary exploitation and eventually learn how to triage and exploit a crash from a fuzzer. I had long heard amazing things from Corelan classes, how knowledgeable Peter was and how hardcore the classes were. The Stack class was really great, 4 days of lots of information and background, from fundamentals to feeling comfortable with ROP chains. I had prior to the class little experience with assembly and in general the binary world, and hands down the explanation was the best I ever had seen. Great slides, great tips, cool exercises in real software. I was expecting a great class, but it was hands down the best security related class I’ve ever attended.
The Corelan Stack Exploit Development course was a truly high-level learning experience. Every concept is explained clearly and systematically, with nothing left to chance. Peter doesn’t just teach deep technical skills—he teaches a way of thinking that sticks with you. The materials are incredibly well-prepared, the exercises are numerous and progressively challenging, and they really push you to understand what you’re doing instead of just following along. You can feel the passion and experience behind every slide, every demo, every explanation. It’s a solid, hands-on, and thoroughly practical course.
Attending the Corelan Expert-level Stack Exploit Development class was the best decision that I have made to date on my Exploit Development journey. I came into the course already familiar with many of the core concepts on the course agenda. Having had exposure to them as I am also taking the OSED class and preparing to take the certification exam as well. Prior to taking Peter’s course, my exploit knowledge had been 100% self-directed study. Self-study filled with highs and lows. Periods where motivation was high as some concepts were easy to grasp. And other periods where motivation was low due to not understanding the “why’s” or “how’s” on self-directed course material. And when I couldn’t get to a definitive answer on why something worked vs when it didn’t. Peter’s class is a great opportunity for those who are completely new to exploit development and for those that are initiated but still have doubts. Taking this course has allowed me to learn the methodology and best practices from someone who has been doing this for a long time (over 20 years). Introducing concepts and ideas in a way that the material builds on itself explaining every step of the way, the “why’s” and “how’s” of stack based exploit development. Peter’s teaching style is of the no non-sense, direct, straight-to-business type. Encouraging growth and self-mastery of the material. Much like Morpheus from “The Matrix”, Peter teaches from a perspective and with insights that will challenge any preconceived notions that are not based on fact or empirical evidence. Peter stresses that exploit development is a science. Always knowing your why to what you are doing, aka follow the methodology. The best value for taking the course are the additional lab exercises and continued support once the class over. Allowing for true mastery of the material through lots and lots of practice. I have already signed up to take Peter’s Heap Exploitation Masterclass in Sydney having seen the attention to detail and the passion/mastery Peter has in the material I know I can expect much of the same high quality training.
**Testimonial for Corelan’s Stack Overflow Course**
“The Corelan Expert- Level Stack course is nothing short of transformative. As a professional in cybersecurity and reverse engineering, I have taken my fair share of technical training, but this course stands out for its clarity, depth, and hands-on approach. Peter have an unparalleled ability to demystify complex concepts, turning a seemingly daunting topic like stack overflows into something manageable and empowering.
The balance between theory and practice is exceptional. The detailed explanations of memory structures, exploitation techniques, and real-world applications are immediately reinforced through guided labs that mirror real-world scenarios. By the end of the course, I felt confident not only in identifying vulnerabilities but also in crafting exploit code responsibly and efficiently.
What sets this course apart is the passion for knowledge-sharing and their focus on fostering a deep understanding rather than rote learning. This is not just a course; it’s a career-enhancing experience. Whether you’re a penetration tester, a reverse engineer, or simply someone eager to understand exploitation at its core, I wholeheartedly recommend this course. Corelan’s training doesn’t just teach you how to do something—it equips you with the why, which is invaluable in this field.”
The Corelan Stack course provided an in-depth understanding of buffer overflows and exploit development. The hands-on approach and expert guidance helped me sharpen my skills in real-world exploitation techniques. It also filled in gaps in my understanding of common misconceptions about stack and memory management, clarifying key concepts that were previously unclear. I highly recommend this course to anyone serious about mastering exploit development.
I took the Stack course in May of 2024. I had always meant to get around to learning more about buffer overflows and stack based exploitation, but never found the time. I will admit that I felt I was struggling to grasp a lot of the concepts initially, but Peter did an exceptional job of helping make sure we all understood everything he was teaching. You could tell Peter’s heart was in teaching the material and never once did I feel like he was “getting through the material just for the sake of getting over it” as I have in many other classes. Even though it was only 4 days, I feel that I am miles ahead of where I begun the week at and have no hesitation in recommending this course to anyone able to take it. I am signed up for an upcoming Heap course and am super excited for all that I will learn there!
This training is a deep technical binary exploitation course with a focused approach towards the Windows Internals, the Stack Internals, and the Heap Internals.
The instructor’s thought process as an experienced exploit developer changes your worldview about how you approach software/bugs/exploitation, what questions you ask, and developing a methodology.
The instructor can clearly illustrate visual diagrams of how memory corruption exploitations occur on a conceptual level as well as what happens given a specific case study of a CVE.
The instructor questions and challenges your thinking, stepping through the debugger, and building your understand of the instruction and interaction with the system.
The instructor provides a systematic, thorough, and realistic list of CVEs/exercises, across OS versions, that covers what was taught in the class and more, even pushing you into starting your own research.
You get the opportunity to meet and network with other individual invested in doing deep technical work, which may be rare.
There are few to no other courses that offers this level of technical depth that is being covered, at least not publicly.
Testimonials that give you a good sense of what the course is like beyond the page of the course content description : Voidsec Wiebe Willems Matteo Malvica Gershom Rogers Rikkert Ten Klooster Mario Kornab Nick Kapil Khot
Attended the combo; Bootcamp and Advanced Training.
Well,
if I would write out this testimonial the way it deserves to be written, the length of the string would trigger a buffer overflow.
The fact that I understand what that exactly means is a testimonial by itself. I came in on Friday with zero exploit knowledge, and left on Monday with a million more questions – all of them derived from an actual understanding of the mechanics of the system, the logic behind the exploits, and the methods of delivery.
Having a wide, deep understanding of the topic he is teaching, Peter delivers high speed, very precise, very technical lectures that are accompanied by real case demos and challenging labs. There is no answer given, and there are no promises made – none save one – by the end of the class, you WILL write your first exploit.
Get a good night’s sleep, grab a VM or two, and start your exploit journey now.
I recently completed a 4-day boot camp with Peter, and I must say that, among all the similar courses I’ve taken on this topic, nothing quite compares to this one in terms of the breadth and depth of knowledge imparted in such a short span. Peter is an exceptionally motivated technology enthusiast with an amazing ability to simplify highly complex subjects, making them easily understandable. Admittedly, due to the nature of the topics covered in the boot camp, you might feel mentally taxed, but the wealth of knowledge gained is truly remarkable. I can’t recommend taking any of his classes enough. Now, it’s time to connect all the dots Peter delivered to me, and after that, I’m looking forward to enrolling in the advanced class next year.
If you really want to learn exploit writing instead of just talking about it this is the course you have to take. In 3 days i learned so much deep operating system stuff and debuggers, that an advanced SANS course seems to be a skript kiddie/rookie course compared with this one. Peter is a true legend in the security community and also an absolutely cool and unbelievable modest person, With mona he also developed THE industrial standard when it comes to exploit writing and i still can’t believe he gives that tool away for free. Thank you peter for an amazing expierence that let my brain melt and inspired me to work harder on my own skills. It was an honor to meet a true hacker. I hope i will be prepared quick enough to visit your Advanced class to complete my knowledge ;-).