Corelan Research

Two decades of exploit development research, techniques, and knowledge — shared openly and for free with the community.

Quick links:

Corelan Exploit Development tutorials
Support the community, get Corelan merchandise
Professional Exploit Development training

All articles:

 HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)

Corelan Team (fancy)April 3, 2011
Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception…
​ Read More

 Honeynet Workshop 2011

Corelan Team (ekse)March 30, 2011
March 21th I was in Paris for the annual Honeynet Workshop. For the first time this year there was a conference day accessible to the general public.…
​ Read More

 Pastenum - Pastebin/pastie enumeration tool

Corelan Team (nullthreat)March 22, 2011
When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) …
​ Read More

 BlackHat Europe 2011 / Day 02

corelanc0d3rMarch 18, 2011
Having missed the IOActive party last night, I woke up fresh and sharp and ready for some kick-ass debugger stuff so I decided to start my second day…
​ Read More

 BlackHat Europe 2011 / Day 01

corelanc0d3rMarch 17, 2011
After having breakfast, chatting with ping and hanging out with @kokanin, @xme and @wimremes, it was time to start attending the various talks. So, …
​ Read More

 BlackHat Europe 2011 / Preview

corelanc0d3rMarch 16, 2011
Things change. 11 months have passed since a lot of people found themselves trapped all over Europe (including Barcelona) because of a little volcano…
​ Read More

Corelan Research is a long-running cybersecurity research project focused on exploit development, vulnerability research and Windows internals.
Since 2009, we have published deep technical tutorials covering topics such as stack-based exploitation, heap exploitation, shellcoding, reverse engineering and debugging.
These tutorials have helped thousands of security researchers, penetration testers, exploit developers and exploit dev trainers learn how modern memory corruption vulnerabilities work.