Corelan Heap Exploit Development Masterclass

A review of the Corelan Heap Exploit Development Masterclass at SINCON 2024! Tldr; challenging, engaging, and special. Highly recommended.

Corelan Heap Exploit Development Masterclass

I attended the Corelan Heap Exploit Development Masterclass organised by SINCON/Div0 in Singapore in March 2024.

Corelan is a well-known name in the exploit development space. If you've ever done any sort of exploit development, it is inevitable that you would have come across, an indispensable tool for exploit development, released and maintained by Corelan. Corelan has also published many in-depth articles about exploit development over the years.

While I have a bit of experience stack-based exploit development, I was entirely unfamiliar with heap exploitation. So it was with a little trepidation that I signed up for the course because I was worried that the training would be so deeply technical that I would have a hard time catching up.

Additionally I had also heard stories of the course - look away for a minute and you'll be lost, there is a backbreaking amount of work to be done after a whole day of practice... and so on.

I'm happy to report the stories I heard were all real and very true. 😆

I could say that this course is well structured, the content was polished and delivered confidently, and Peter was an engaging instructor that maintained a high level of energy and positivity throughout the training, ensuring that everyone was caught up before moving on.

I could say all that, and I have, but it still does not do justice to what the course is.

It is an invitation to a world-class heap exploitation training regimen, supplemented with a fully furnished training gym, delivered by an expert instructor on how to best train and use the assembled equipment so that you can realize those heap exploitation gains.

I think the fitness comparison is quite apt. Information how to exploit the heap exploitation is out there. Peter has been very generous in sharing his knowledge on heap exploitation with the cybersecurity community. In fact, he has already published the basics (and more) on heap exploitation more than a decade ago.

Exploit writing tutorial part 11 : Heap Spraying Demystified | Corelan Cybersecurity Research
A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions. Although there are a number of public exploits available that target IE8, the exact technique to do so has not been really documented in detail. Of cour…

You can definitely learn it for yourself. The difference is the question of what should you learn, what are the key concepts to know, and how can you apply the knowledge. For fitness, that is akin to working out without knowing exactly what you should concentrate on to achieve your goal. You might get lucky and achieve it, but it is more likely you might be training the wrong muscles, or training in the wrong order or the other myriad mistakes that a beginner can make when they are just starting out.

The Corelan course takes away all of that ambiguity and delivers a ton of content, insights, and advice taken from a long and successful career.

More than just the how, the why and the when were also covered...

The content is challenging but structured such that there are hints and guidance so you are never really stuck or require knowledge other than what is taught. It is not simply about slavishly copying the steps to achieve the objective, but understanding how and why each piece comes together to solve the problem you have in front of you and to apply them in creative new ways

Four days is too short to absorb for the total content that was delivered. I feel that each time I go over my notes I make a new connection and learn something new (to me). I am grateful that Peter managed to encode and squeeze so much information into those few jam-packed days.

And after those few days, we were gifted with sufficient homework to last what seems like the next few years. Peter still offers his support after the class for this homework, and that is something that this course goes beyond what the typical conference training course offers.

Given that there is so much content, on reflection, it is surprising to me that the key thing I took away from the course is not something material, but rather it was the methodology as well as the confidence to understand and approach heap exploitation myself.

It was a privilege attending the course and it opened my eyes a whole new area of exploitation.

I recommend it without qualification to anyone who is looking to level up their exploit development skills.