Corelan Research

Two decades of exploit development research, techniques, and knowledge — shared openly and for free with the community.

Quick links:

Corelan Exploit Development tutorials
Support the community, get Corelan merchandise
Professional Exploit Development training

All articles:

 WATOBO – the unofficial manual

Corelan Team (fancy)July 23, 2010

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. I am convinced …

​ Read More

 How strong is your fu 2 - the report

corelanc0d3rJune 23, 2010
For anyone interested, this is _sinn3r's and tecr0c's writeup of the steps they took to own 4 out of the 5 machines in last weekend's HSIYF - Hacking…
​ Read More

 How strong is your fu : Hacking for charity

corelanc0d3rJune 22, 2010

Last weekend, Offensive Security hosted their second cyber hacking challenge, called "HSIYF For Charity". The goal of this challenge was…

​ Read More

 Exploit writing tutorial part 10 : Chaining DEP with ROP - the Rubik's[TM] Cube

corelanc0d3rJune 16, 2010
About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new …
​ Read More

 Offensive Security Hacking Tournament - How strong was my fu ?

corelanc0d3rMay 10, 2010

Hi, Over the last 2 days my friends from Corelan Team and I participated in a Hacking Tournament, organized by Offensive Security.  The primary …

​ Read More

 corelanc0d3r interviewed by Slo-Tech

corelanc0d3rMay 10, 2010

Introduction: We continue our series of interviews with a slightly »unusual« talk this time: Peter Van Eeckhoutte may be unknown to readers who …

​ Read More

Corelan Research is a long-running cybersecurity research project focused on exploit development, vulnerability research and Windows internals.
Since 2009, we have published deep technical tutorials covering topics such as stack-based exploitation, heap exploitation, shellcoding, reverse engineering and debugging.
These tutorials have helped thousands of security researchers, penetration testers, exploit developers and exploit dev trainers learn how modern memory corruption vulnerabilities work.