Corelan Team Membership

This page outlines the process/procedure and rules on how to become a Corelan Team Member, and what rules to follow if you want to remain a Corelan Team member.

How to become a Corelan Team Member ?

1. Don’t beg. Don’t solicit. You need to be invited/contacted by a Corelan Team Member.

2. You will need to provide proof that you have found at least one vulnerability, and provide proof that you have performed responsible disclosure. (send us a copy of your communication with vendor/developer and include contact info/other proof so we can verify that the vulnerability discovery and communication is legit)

3. You need to provide proof that you are dedicated and willing to help other people (on Corelan forums, other forums, IRC, etc). Just telling people to “Google” for info is not what we consider to be helpful.

Tips : You need to be active. We are looking for proof that shows that you help other people on public forums. You can also register on the Corelan forum and help other people… Just make sure your work is visible & make sure we can see it (you can send us a link to your forum profile using the contact form at the bottom of this page)

4. You will need to pass a little chat with corelanc0d3r or anyone else from the Corelan Inner Circle (MSN).  (Make sure to install OTR (cypherpunks) prior to the chat.

5. When the first 4 steps have been taken, you will become a junior member of the team.  At that point, you will be requested to

  • write an intro about yourself in our internal forums
  • formally agree with our internal team and forum rules
  • take an online “entrance test” and document your findings.  When the test has been completed and documentation has been sent in, you will become a full member (= elevated permissions in the forum & access to certain hidden forums).

How to stay a Corelan Team Member ?

Simple. Continue to stick to the rules, at all times :

Fundamental forum/team rules :

1. Never use the knowledge, bugs, exploits, tools etc for illegal hacking/activity. Don’t do anything illegal in general. You can use tools/scripts/bugs/exploits/… as part of professional assignments, or in a controlled environment / an environment that you own. In any case, do not perform any activity on a host or network if you were not given explicit permission to do so. No member of Corelan Team can ever be held responsible for illegal activities performed by members of the team.

2. Don’t sell/spread ‘secrets’ / ‘techniques’ / ‘new bugs’ / … discovered by Corelan Team members, or discussed in the team unless all members agree. If new bugs are found, and poc/exploit code is written, do not make the code public until the team agrees. Do not even make the bug public until the team agrees (even if it does not mention the application name). (also, see step 4 about responsible disclosure)

3. Refrain from posting anything religiously, ethnical, and/or politically inspired (or just anything that would offend other people really).

4. Always practice responsible disclosure. If you find something new, always tell the team, and follow Corelan Team’s disclosure policy. When the vendor has issued a patch, then you have the option to disclose it to the world or keep it hidden.   If the vendor does not reply within a reasonable amount of time, or says it is not a problem, then we might go ahead and release.  (Of course, if you find something, you can also keep it hidden in the forum).   If you have found a vulnerability in an older version of an application (and the vulnerability is gone in a newer version, then feel free to post the vulnerability without telling the vendor first, if you want to). In any case, all communications to vendors must be processed via the Corelan MC (Master of Communications) : security@corelan.be, using the templates provided by Corelan Team. You’ll get more info on that once you joined the team.

Disclosure policy & procedure : see http://www.corelan.be/index.php/disclosure-policy/

5. Help others. If people ask questions about exploit writing, point them to our public forum and help them. Be kind, be patient. Nobody was born with all knowledge. This is one of the main goals of this team !

6. Give people proper credit for what they do. (This does not only apply to fellow members, but also to other people in general).  Credit people for what they have found, for what they have built. Don’t steal from others. Be honest, show respect.

7. Everything that is discussed within the team is private and confidential. Only after the team decides that something is ready to go public, then we’ll make it public, as a team. If we decide that some insights, some knowledge, whatever…   deserves a public tutorial, then we’ll talk about it and review the tutorial as a team before we put it our there.

8. If you want to publish an exploit on the internet, you are free to use your own name/alias, or just to use “Corelan Team” if the exploit has been discussed in the team first. You are free to use the corelan header as well, but that’s not required, if you don’t want to. Just make sure people receive proper credits for what they do, whether you use the corelan header or not .

9. Participate. If you only use your account to get information from others members, but you don’t actively participate yourself, they we may consider revoking your membership again. Of course, we know that people might be busy, and sometimes need a break or holiday…. That’s fine.   The general rule is : if you are going to be inactive for a longer time (few weeks and more), communicate about this with the other members. That way, people know what’s going on.  If you are inactive, without communication, for more than 5 weeks, you will be removed from the team.   Communicating with the other members is a fundamental form of respect and is considered very important.

10. Being a member of Corelan Team requires you to dedicate your work and findings to Corelan. If you are working on separate projects that conflict with one or more of the Corelan Team rules, then either stop doing those activities, or please leave the team. We will not accept conflict of interest cases or allow for any other grey areas that may be become a point of discussion.

11. All information/bugs/exploits/research and/or any other results of activities that were executed while being a member of Corelan Team, shared with the Corelan Team, will belong to Corelan Team at all times. If you ever leave the team, all information will remain property of Corelan Team.

12. Don’t use information found here / shared within Corelan Team for personal financial gain, don’t abuse members or recruit them to work on your own project.  If you want to recruit members for personal projects, then leave the team first and ask those members to leave the team as well.

13. Carry the Corelan Team membership and the values it stands for with pride and dignity.

14. Put the team goals above personal interests. Fight for each other. Fight for the team. Take that extra step, that extra mile, to help other team members.

15. Help fund the team if you can. You don’t have to fund yourself, but if people insist on sending a donation, refer them to the donations page on this website, or to the Corelan Merchandise store at http://www.cafepress.com/CorelanTeam

16. Be prepared to help funding hosting costs for Corelan servers.

If you break the rules, the team can decide to kick you out.

Corelan (Peter van Eeckhoutte) reserves the right to change these rules at any time, without prior notice

What if you believe Corelan should start monitoring your work, but you think we are not aware of it (yet) :

Provide us with some url’s / nicknames / … so we can take a look and start “following” you.  Send an email to peter.ve [at] corelan [dot] be, indicating where we can see your work, etc

 

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace
  • Categories