Course Review: Corelan Exploit Development

March 5, 2022
Category: Reviews

Elliot Chernofsky was our first member selected as a part of a partnership between VetSec and the Center for Cyber Security Training. Through this strategic partnership, VetSec is able to provide some advanced level training for our veterans that are already established in the Cybersecurity field. Below is his review of the training he attended, Corelan’s Exploit Development Bootcamp.

Corelan’s Windows Exploitation Bootcamp training was a very thorough and deep dive into the necessary beginning stages of exploit development and Windows Internals. It covered a large amount of material in a short amount of time, all taught from the best person in this space. Although there was a lot of complex and difficult material, it was broken down into very digestable pieces, with great labs to learn from all throughout. Not only that, Peter has a great sense of humor, so he manages to always make the class a light and enjoyable atomosphere. Even with prior knowledge of some of the material and concepts, you will certainly learn a lot from this training, as Peter will take you through understanding the core of each mechanism and give you a deeper understanding of why things are the way they are. My knowledge has grown exponentially on Windows Internals and Mitigations, Stack Buffer Overflows, Reliable Exploitation, ASLR & DEP Bypassing, and how to write a Metasploit Exploit Module.

I highly recommend this course to anyone interested in exploit development, even if you think you aren’t fully prepared. Peter goes through Windows internals and gives a good break down of System Architecture and a quick introduction to x86 Assembly that will give you the ability to succeed. Don’t be afraid if you are unable to fully wrap your head around the concepts during the training, Peter also offers each student access to his student-only support system, where he will guide you through labs and material to help you better understand what you need to do and why.

If you want to brush up on anything before the class, I would recommend being a little bit knowledgable with x86 Assembly, just so you can keep up a bit better when doing labs on your own. Though Peter will certainly give a great explanation for all of the exploitation concepts and mechanisms, even without you being an Assembly Pro.

I want to give a shout out to VetSec and Center for Cyber Security Training (CCST) for giving me the opportunity to attend this training! VetSec is a non-profit that helps military members and veterans seeking to get into the Cybersecurity field by providing many free resources, including training, resume writing help, job advertisements/referrals, general all-around support, and mentors among many other things!