Corelan Research

Two decades of exploit development research, techniques, and knowledge — shared openly and for free with the community.

Quick links:

Corelan Exploit Development tutorials
Support the community, get Corelan merchandise
Professional Exploit Development training

All articles:

 Debugging Fun - Putting a process to sleep()

Corelan Team (Lincoln)February 29, 2012
Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI …
​ Read More

 Exploit writing tutorial part 11 : Heap Spraying Demystified

corelanc0d3rDecember 31, 2011
A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions. …
​ Read More

 Many roads to IAT

DinosDecember 1, 2011
A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the…
​ Read More

 WoW64 Egghunter

Corelan Team (Lincoln)November 18, 2011

Traditional Egghunter An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter …

​ Read More

 Corelan T-Shirt Contest - Derbycon 2011

corelanc0d3rSeptember 14, 2011
September is going to be a busy month. With Brucon approaching very fast and Derbycon on its way as well, it looks like I will be spending more …
​ Read More

 Metasploit Bounty - the Good, the Bad and the Ugly

Corelan Team (Lincoln)July 27, 2011
On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as …
​ Read More

Corelan Research is a long-running cybersecurity research project focused on exploit development, vulnerability research and Windows internals.
Since 2009, we have published deep technical tutorials covering topics such as stack-based exploitation, heap exploitation, shellcoding, reverse engineering and debugging.
These tutorials have helped thousands of security researchers, penetration testers, exploit developers and exploit dev trainers learn how modern memory corruption vulnerabilities work.