You can sign up (providing that you meet the requirements) starting September 2025.  Please keep an eye on our Social Media for further announcements regarding the exact date.

🗓️ Before signing up, please take the time to prepare a letter of motivation, detailing why the title of CCED is important to you and why you're motivated to doing the work to achieve this certificate. 

This is what the actual sign-up process looks like:
1️⃣ Submit the motivation letter together with a copy of your picture ID, requesting to sign up for the certification exam.
2️⃣ Sign the agreement (terms & conditions, non-disclosure agreement, etc)
3️⃣ Execute the full payment
4️⃣ When the full payment has been received, details will be shared on how to get started.

The CCED Exam consists of five phases:

1. Theory 

In this initial phase, you must demonstrate a solid theoretical understanding of the key mechanisms, techniques, terminology, and concepts related to exploit development in the Windows Userland environment. 
A minimum score of 70% is required to advance to the next phase. 

2. Exploit Development

After passing the theory phase, you will be required to demonstrate practical skills by developing exploits for both stack- and heap-based memory corruption vulnerabilities. 
Additional challenges may be included to further assess your capabilities. 
You must also submit detailed documentation of your exploit development process, including step-by-step explanations and the corresponding code, for evaluation. 

3. Research 1 (Whitepaper) 

In this phase, you will receive a whitepaper to study and analyze. 
Your objective is to understand the presented techniques and complete technical challenges that demonstrate your comprehension and ability to apply them. 
This phase evaluates your capacity to independently learn and implement new exploit development concepts. 

4. Research 2 (Public Resources) 

Here, you will independently research an advanced exploit development topic using publicly available resources. You are expected to thoroughly explore the subject, synthesize your findings, and produce a concise, well-structured paper. 
You may also be asked to include supporting code or tools to demonstrate your applied understanding of the topic. 

5. One-on-One Interview 

In the final phase, Peter Van Eeckhoutte will personally verify that all submitted work is your own. 
He will assess your understanding of the concepts, research, techniques, and decisions made throughout the exam process. 
During this live video interview, you may be asked to explain your reasoning, the choices you have made, answer in-depth technical questions, and/or even reproduce certain steps inside a debugger in real time. 


Timeline & Completion 

Phases 1 through 4 must be completed within two months of completing the sign-up process. 
After submitting all required deliverables, a date and time will be scheduled for the one-on-one interview with Peter Van Eeckhoutte. 
You will be awarded the CCED title upon successful completion of all five phases.

Maybe you had a bad day. Or a few.
Maybe you just weren’t ready. Hey, it happens. 

Whatever the reason, a second attempt is included in the exam fee—but there are a few important conditions: 
➡️ You must wait at least 3 months after your first attempt before retaking the exam
➡️ If you fail a second time, you must wait at least 6 months before signing up again
➡️ You can only sign up twice in total 

This exam wasn’t designed to hand out certificates like they’re free cookies.  It’s not just another bullet point for your résumé.

The CCED title is a highly specialized certification, meant only for those who truly need to demonstrate deep, practical skills in exploit development for Windows.

The exam fee is €799 + VAT.

This includes one opportunity to retake the relevant parts of the exam if you do not pass on your first attempt.

Hey, that’s not cool!

The CCED title is meant to reflect real, hard-earned skill in exploit development—not your ability to copy, leak, use AI to answer theoretical questions, to cheat in any form or shape, to have someone else take the exam on your behalf, etc.

Yes, we know it’s technically impossible to prevent all forms of cheating. 

But here’s the thing: if you do cheat, and your skills in the real world don’t live up to the expectations that come with the CCED title, people may notice. 
And let’s be honest—nothing ruins credibility faster than being the person who "passed the CCED" but can’t actually do the job.
On top of that, it doesn’t just hurt your reputation. It hurts ours too. And we care about that.

So, here's the deal:
❌ If you're caught cheating during the exam—you fail. Instantly.
❌ If you share exam content during or after the exam (exercises, solutions, formats, etc.), your CCED title will be revoked (assuming you even got that far). 
❌ If you're caught, you will never be allowed to retake the CCED exam or attend a Corelan class.
❌ And no, you won’t get a refund. 

Bottom line: Play fair. Do the work. Earn the title. Be proud of it.  And if you fail, don't forget that this title is not for the masses.  It's only for those that want to take the extra mile and put in the exceptional effort to excel at exploit development for Windows Userland.

If you cheat... well, you may gain a certificate, but you’ll lose your credibility.

The CCED is designed to recognize relevant, up-to-date expertise in exploit development for Microsoft Windows Userland.  As with most certifications, the exam measures a specific set of skills at a particular point in time. 

However, the true value of the CCED lies in your continued commitment to mastering your craft beyond the exam.

While the CCED title does not currently expire, we strongly encourage certified individuals to demonstrate their ongoing learning journey.

Starting three years after earning your CCED title, you will have the option to submit documentation—once per year—that proves you have actively maintained and developed your skills in the field of Windows Userland exploit development.  
Submitted documentation must include sufficient technical detail to justify a CCED status extension.  In other words, the documentation must represent & reflect content/knowledge that is up-to-date.

Your official CCED status will indicate the date of your most recent approved submission.