
Corelan Stack

3-day in-person (long days, dinner included)

A modern, Windows 11-focused deep dive into userland stack exploitation, created & taught by an experienced exploit developer and instructor. You’ll gain a clear, evidence-based understanding of how things really work from fundamentals all the way to full ROP mastery. You’ll learn not just what works, but why it works — the Corelan way. Corelan Stack, step 1 towards CCED.

Course Overview

What you will learn

Windows Internals

Architecture & Memory Management, Registers, Assembly, WoW64

Exploit Dev Lab

WinDBG/WinDBGX. Learn mona.py from the author

Stack Buffer Overflows

In-depth coverage.

Precision & control, the Corelan way

Egg hunters

Using egghunters in modern Windows versions

Bad characters

Identifying & avoiding bad chars

Exploit frameworks

Write and port exploits to the Metasploit Framework

ASLR, DEP

ASLR bypasses and ROP mastery

Intro to x64

Stack buffer overflows on x64

Course content

The x86 environment

  • System Architecture

  • Windows Internals

  • Windows Memory Management

  • Registers

  • Introduction to Assembly

  • Assembling & disassembling

  • The Stack - concepts & mechanics

  • WoW64

The exploit development lab environment

  • Setting up the exploit developer lab

  • Introduction to WinDBG/WinDBGX

  • Using debuggers / debugger plugins to gather primitives

  • Learn how to use mona.py directly from the author

Stack Buffer Overflows

  • Stack Mechanics & Stack Buffers

  • How functions work. Calling conventions & more

  • Saved Return Pointer Overwrites

  • Stack Canaries/Cookies

  • Structured Exception Handlers

  • etc

Egg Hunters

  • Egghunter techniques

  • Egghunters on WoW64

  • Syscall & EH based egghunters

  • Egghunters for Windows 10/11

Bad Characters

  • Identifying bad characters

  • Avoiding bad characters

Metasploit Framework Exploit Modules

  • Writing exploits for the Metasploit Framework

  • Porting exploits to the Metasploit Framework

ASLR

  • Bypassing ASLR

Data Execution Prevention (DEP)

  • Bypassing NX/DEP with ROP/COP/JOP

  • Return Oriented Programming Templates & Frameworks

  • Using mona.py to create ROP chains

  • Troubleshooting mona generated ROP chains

  • Finding/Resolving interesting functions for use in ROP

  • ROP & badchars: ROP Runtime Patching (a.k.a. ROP Decoder)

Intro to x64 stack-based exploitation

  • x64 processes, memory map, registers

  • Functions & calling conventions

  • Structured Exception Handling

  • Stack Buffer Overflow

  • ROP

  • Shellcode

FREE BONUS CHAPTER: Unicode buffers

  • Effect of Widepage conversion

  • Venetian alignment

  • Venetian Shellcode


Why you should take Corelan Stack!

✅Modern and up-to-date - built on the latest Windows 11 versions

✅Fundamental knowledge - stack mechanics are essential for modern mitigation bypasses

✅Still relevant - stack buffer overflows may be less common, but they absolutely still matter

✅Critical for modern exploitation - both stack + heap understanding is required

✅Evidence-based learning - we teach the why, not just the how

✅Mindset transformation - students report a lasting shift in how they approach challenges

✅The most complete in-person class on Windows stack exploitation available

✅Trusted worldwide - thousands trained, including military, intelligence & private sector

✅Real classroom experience - far beyond books & recorded content

✅Your first step towards the one certificate that rules them all: CCED


Investment protection

Corelan courses are built on decades of research, real-world experience, and hundreds of hands-on exercises. We push hard to deliver as much value as possible in just a few days — but we also know that no one becomes an expert overnight.


True mastery requires practice, repetition, and exploration long after the class ends. That’s why your learning doesn’t stop when the class is over.


You take home the full courseware, your own lab environment, a collection of exercises, bonus content and the freedom to learn and refine your skills at your own pace.


And when new questions arise — we’re here to help. Every student receives FREE post-training support.


This long-term support system is unique in the industry and one of the best ways to protect the investment you made in a Corelan class, and in your own future.



Target Audience


  • (Aspiring) Exploit Developers & Vulnerability Researchers

  • Security professionals who want to understand exploitation from first principles

  • Red Team Operators looking to strengthen their low-level Windows exploitation skills

  • SOC, DFIR and Blue Team Analysts who want to better understand the "enemy" / exploitation at a deeper level.

  • Malware analysts interested in execution flow, shellcode, and ROP techniques

  • Security researchers starting with memory corruption and exploit development

  • C/C++ developers who want to understand stack corruption and mitigation bypasses

  • Military / Law Enforcement / Intelligence Operators working with advanced tooling and targets

  • Professionals who prefer hands-on, in-person learning over static material

  • Anyone beginning their journey toward CCED

Pre-requisites


Technical Prerequisites

Unless specified otherwise, students are required to bring the following:

  • Laptop (16 GB RAM or more) capable of running 2 VMs simultaneously (Windows 11 and Linux)

  • VM software (VMWare/VirtualBox/...)

  • Admin rights

  • 2 Lab Virtual Machines

We will send out detailed VM Lab machine instructions about 2 weeks before class. Your 2 Lab VMs must be set up prior to the start of class!


Knowledge and attitude

Get ready to focus and learn.

Skills needed:

  • Read/write Python scripts

  • Read very basic C(++) code

  • Manage your Windows/Linux VMs

  • Basic use of msfconsole (Metasploit)

  • Basic experience with assembly and a debugger is useful (but it's not an absolute must)


Legal Prerequisites

You will be required to sign a confidentiality agreement at the start of the course. You will not be admitted to the course without signing this document. You can find a copy of the document here. (We'll bring a printed copy.)

Trainer Bio


Peter Van Eeckhoutte is the founder of Corelan Team and the author of the well-known tutorials on Win32 Exploit Development Training, available at https://www.corelan.be. The team gathers a group of IT Security enthusiasts and researchers from around the world, who all share common interests: doing research, gathering & sharing knowledge, and performing responsible/coordinated disclosure. Above all, the team is well known for their ethics and their dedication to helping other people in the community. Together with the team, he has developed and published numerous tools that will assist pentesters and exploit developers, and published whitepapers/videos on a wide range of IT Security related topics (pentesting tools, (malware) reverse engineering, etc).

You can find some of the tools on the Corelan github page: https://github.com/corelan 


The team also moderates a Discord workplace (with various channels) that provides a platform for people who want to talk about exploit development or discuss wider IT Security topics. Follow us on Twitter (@corelanconsult) and Facebook (corelanconsulting) to get a Discord invite.


Peter is reachable on Twitter via @corelanc0d3r

Peter has been an active member of the IT Security community since 2000 and has been working on exploit development since 2006. He presented at various international security conferences (Athcon, Hack In Paris, DerbyCon, ISSA Belgium) and taught various Win32 Exploit Development courses at numerous places around the globe. He trained security enthusiasts & professionals from private companies, government agencies and military organizations.

You can read more about their experiences here: https://www.corelan-training.com/index.php/testimonials/
