People had warned me. “It’s 9am to 9pm,” they said. “You won’t sleep much.” They weren’t wrong.
Three days of Corelan Advanced Exploit Development in Sydney — one of the most well-regarded exploit development courses in the industry. If you’re considering it and wondering whether it’s worth the time, the money, and the sleep deprivation, here’s an honest breakdown of everything covered.
The short answer: yes. Absolutely worth it. Now here’s the longer version.
Day 1
010 — ASLR and DEP Recap
A deliberate warmup. If you’ve read the ASLR bypass whitepaper or worked through similar material before, this brings everything back into focus before the course gets into the harder stuff. Don’t skip it mentally just because it feels like revision — the framing matters for what follows.
020 — Heap Management Part 1
This is where the course earns its “advanced” label. A thorough introduction to the Windows Heap Manager — how the heap works, how memory is allocated and freed, and critically, the differences between the Windows 7 and Windows 10 heap managers. If you’re used to stack exploitation, the heap feels like a different discipline entirely. This module is substantial, and rightly so.
030 — Heap Spraying
What heap spraying is, why it works, when it’s useful, and how it differs between Windows 7 and Windows 10. Exercises included — not just theory. The platform differences matter more than people expect going in.
040 — WinDBG
WinDBG 101. Conditional breakpoints, logging, a genuinely useful cheat sheet, and night homework to reinforce it. If you’ve been getting by with Immunity Debugger, this will expand your toolkit considerably. WinDBG is uncomfortable at first. By the end of the course, it’s indispensable.
Day 2
050 — Heap Management Part 2
Deeper into the Windows Heap Manager. More exercises, well sequenced to confirm you’ve actually absorbed what was covered in Part 1 rather than just followed along. The exercises here are where the gaps in understanding show up — which is exactly the point.
060 — Heap Exploitation Part 1
This is where shells start happening. Moving from understanding the heap to actually exploiting it. Homework assigned. By this point the 9pm finish is very real.
Day 3
070 — Introduction to Memory Leaks
One of the most genuinely interesting modules. The phrase “memory leaks are created, not found” gets thrown around — this module is where you actually understand what that means. Memory leaks in the context of exploit development aren’t the same thing as the memory leaks you’d fix in application code. Understanding the distinction is important for anyone trying to develop reliable heap exploits.
080 — Heap Exploitation Part 2
Practical exercises using memory leaks to calculate offsets for exploits. By day three you’re tired, but this is where everything starts connecting — the heap manager internals, the spraying techniques, the debugger skills, the leaks. It comes together.
100 — What’s Next
Homework. Six to nine months worth of it. That’s not a joke. Corelan doesn’t pretend that three days makes you an expert — the course gives you the foundation and the direction; the work afterward is yours to do.
Honest conclusion
Peter Van Eeckhoutte is a great trainer. Not just technically — though he’s exceptional technically — but in the way that actually matters in a classroom: he doesn’t just give you answers. He helps you ask the right questions, which is how you learn to find answers yourself when the course is over.
The 32-bit focus bothered some people in the room. It didn’t bother me. The concepts transfer to 64-bit — some of the heap techniques won’t work out of the box in a full 64-bit environment, but understanding why they work in 32-bit is the prerequisite for adapting them. You don’t learn 64-bit heap exploitation by skipping 32-bit.
Would I recommend it? Without hesitation. If you’ve got the stack exploitation fundamentals down, understand ASLR and DEP bypass, and want to move into heap exploitation properly — this is the course.