Corelan Research

Two decades of exploit development research, techniques, and knowledge — shared openly and for free with the community.

Quick links:

Corelan Exploit Development tutorials
Support the community, get Corelan merchandise
Professional Exploit Development training

All articles:

 Malicious pdf analysis : from price.zip to flashplayer.exe

corelanc0d3rNovember 18, 2010
This morning, my generic attachment filter for MS Exchange reported that about 100 emails were put in quarantine because they contained a small zip …
​ Read More

 Offensive Security Exploit Weekend

Corelan Team (Sud0)November 13, 2010

Introduction I'm excited and honored to be able to announce that Sud0, one of our Corelan Team members, has won the Offensive Security Exploit …

​ Read More

 Metasploit module : HTTP Form field fuzzer

corelanc0d3rNovember 12, 2010

Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been …

​ Read More

 HaXx.Me #3 - Corelan Team documentation

Corelan Team (rick2600)October 23, 2010

Last week (oct 17 2010), Lincoln (one of the Corelan Team members) informed the other team members about an ongoing hacking challenge (HaXx.Me #03) …

​ Read More

 In Memory Fuzzing

Corelan Team (sinn3r)October 20, 2010

Introduction In memory fuzzing is a technique that allows the analyst to bypass parsers; network-related limitations such as max connections, …

​ Read More

 Corelan official IRC channel online (freenode)

corelanc0d3rOctober 15, 2010

#corelan Some of you may have already noticed … Corelan team decided to open an official channel on IRC (freenode).  About 24 hours ago, the …

​ Read More

Corelan Research is a long-running cybersecurity research project focused on exploit development, vulnerability research and Windows internals.
Since 2009, we have published deep technical tutorials covering topics such as stack-based exploitation, heap exploitation, shellcoding, reverse engineering and debugging.
These tutorials have helped thousands of security researchers, penetration testers, exploit developers and exploit dev trainers learn how modern memory corruption vulnerabilities work.