The CCED Exam consists of five phases:

1. Theory 

In this initial phase, you must demonstrate a solid theoretical understanding of the key mechanisms, techniques, terminology, and concepts related to exploit development in the Windows Userland environment. 
✅ A minimum score of 70% is required to advance to the next phase. 

2. Exploit Development

After passing the theory phase, you will be required to demonstrate practical skills by developing exploits for both stack- and heap-based memory corruption vulnerabilities. 
Additional challenges may be included to further assess your capabilities. 
You must also submit detailed documentation (text, screenshots, etc) of your exploit development process, including step-by-step explanations and the corresponding code, for evaluation. 
This phase will be graded based on the following criteria:
✅ Functionality: Does your code/solution work reliably, does it demonstrate a thorough understanding of the techniques used?
✅ Code quality: Readability, structure, and maintainability of the code.
✅ Documentation: Clarity and completeness of the supporting documentation.
✅ Effort: Overall dedication and thoroughness demonstrated in your work.

In order to allow you to work on the challenges without relying too much on external factors, you will need to set up your own virtual machines and run the challenges locally.  You will receive VM Lab Setup instructions as soon as Phase 1 begins.

3. Research 1 (Whitepaper) 

In this phase, you will receive a whitepaper to study and analyze. 
Your objective is to understand the presented techniques and complete technical challenges that demonstrate your comprehension and ability to apply them. 
This phase evaluates your capacity to independently learn and implement new exploit development concepts. 

4. Research 2 (Public Resources) 

Here, you will independently research an advanced exploit development topic using publicly available resources. You are expected to thoroughly explore the subject, synthesize your findings, and produce a concise, well-structured paper. 
You may also be asked to include supporting code or tools to demonstrate your applied understanding of the topic. 

5. One-on-One Interview 

In the final phase, Peter Van Eeckhoutte will personally verify that all submitted work is your own. 
He will assess your understanding of the concepts, research, techniques, and decisions made throughout the exam process. 
During this live video interview, you may be asked to explain your reasoning, the choices you have made, answer in-depth technical questions, and/or even reproduce certain steps inside a debugger in real time. 


Timeline & Completion 

Phases 1 through 4 must be completed within two months of completing the sign-up process. 
After submitting all required deliverables, a date and time will be scheduled for the one-on-one interview with Peter Van Eeckhoutte. 
You will be awarded the CCED title upon successful completion of all five phases.

Letter of Motivation 
Start by writing your motivation letter. This will help you get into the right mindset.
Details about what the letter should contain are available on the sign-up page as well as in the FAQ section called "How do I sign up" above.

Prerequisites 
You must have completed both the Corelan Stack and Corelan Heap classes.

Skills & Practice 
☑️ Redo the Stack class exercises, with special focus on building DEP bypasses. Try creating your own ROP chains from scratch.
☑️ Work through the Heap class exercises thoroughly as well (especially the homework exercises).
☑️ Revisit the internals of BEA and FEA on Windows 11.
☑️ Be prepared to perform your own research, even on topics not explicitly covered in class. Some exam challenges may require applying concepts to new environments.

Resources 
All exam challenges are doable, but they require creativity, persistence, and adaptability.
Over time, successful candidates may share their own study guides online. Keep an eye out for these resources.
Of course, if you decide to share your own study guide, please remember to respect the rules outlined in the Exam Agreement 😉 

 💡 Final note: 
Approach preparation with curiosity and determination. The more you practice, the better equipped you’ll be to succeed. Good luck!

The goal of the CCED exam is to validate expertise in Windows Userland exploit development, covering both Stack and Heap exploitation.​  It attempts to measure current skill, as well as potential.

• 
  
• Phase 1 (Theory):  Candidates must achieve a minimum score of 70%. This is a strict requirement.
• Practical Phases: Successfully solving a challenge strongly supports passing, but it is not the sole factor. A working exploit alone does not always demonstrate full understanding — luck or external assistance (e.g., AI) may play a role. Conversely, not completing a challenge does not automatically mean failure. Absence of a solution is not necessarily absence of knowledge.
• Documentation: Clear, detailed documentation that evidences understanding of the mechanics is crucial and significantly strengthens a candidate’s case
• Phase 5 (interview): The one-on-one interview is designed to resolve any doubts. Candidates must be able to explain their decisions, justify techniques, and demonstrate mastery without assistance 

Ultimately, the grading is based on a holistic evaluation of performance across all phases. While there is some subjectivity, Corelan’s reputation rests on the credibility of this certification. There will be no favoritism — only genuine expertise will earn the CCED title. Good luck!

Maybe you had a bad day. Or a few.
Maybe you just weren’t ready. Hey, it happens. 

Whatever the reason, a second attempt is included in the exam fee—but there are a few important conditions: 
➡️ You must wait at least 3 months after your first attempt before retaking the exam
➡️ If you fail a second time, you must wait at least 6 months before signing up again.  You only get one attempt the second time you sign up
➡️ You can only sign up twice in total 

This exam wasn’t designed to hand out certificates like they’re free cookies.  It’s not just another bullet point for your résumé.

The CCED title is a highly specialized certification, meant only for those who truly need to demonstrate deep, practical skills in exploit development for Windows.

Congratulations — you did it! 🎉

Passing the CCED exam is no small feat — you’ve just joined the "CCED Circle", an limited group of exploit developers who went the distance and conquered the challenge.

Here’s what you get:

• Your Certificate of Glory: ​A high-resolution certificate image, complete with Peter’s signature. Ready to print, frame, or display on every screen in your house (yes, even replacing your TV,  After all, nothing streams prestige like your CCED title).
  
  
• Worldwide recognition: Your name immortalized on the official CCED Hall of Excellence (Status Page), where peers, recruiters, and the security community at large can see that you’ve earned one of the most respected titles in exploit development.
  
  
• Bragging Rights: The CCED badge of honor sets you apart — because not everyone can claim mastery at this level. In fact, very few can.

Hey, that’s not cool!

The CCED title is meant to reflect real, hard-earned skill in exploit development—not your ability to copy, leak, use AI to answer theoretical questions, to cheat in any form or shape, to have someone else take the exam on your behalf, etc.

Yes, we know it’s technically impossible to prevent all forms of cheating. 

But here’s the thing: if you do cheat, and your skills in the real world don’t live up to the expectations that come with the CCED title, people may notice. 
And let’s be honest—nothing ruins credibility faster than being the person who "passed the CCED" but can’t actually do the job.
On top of that, it doesn’t just hurt your reputation. It hurts ours too. And we care about that.

So, here's the deal:
❌ If you're caught cheating during the exam—you fail. Instantly.
❌ If you share exam content during or after the exam (exercises, solutions, formats, etc.), your CCED title will be revoked (assuming you even got that far). 
❌ If you're caught, you will never be allowed to retake the CCED exam or attend a Corelan class.
❌ And no, you won’t get a refund. 

Bottom line: Play fair. Do the work. Earn the title. Be proud of it.  And if you fail, don't forget that this title is not for the masses.  It's only for those that want to take the extra mile and put in the exceptional effort to excel at exploit development for Windows Userland.

If you cheat... well, you may gain a certificate, but you’ll lose your credibility if/when people find out.

The CCED is designed to recognize relevant, up-to-date expertise in exploit development for Microsoft Windows Userland.  As with most certifications, the exam measures a specific set of skills at a particular point in time. 

However, the true value of the CCED lies in your continued commitment to mastering your craft beyond the exam.

While the CCED title does not currently expire, we strongly encourage certified individuals to demonstrate their ongoing learning journey.

Starting three years after earning your CCED title, you will have the option to submit documentation—once per year—that proves you have actively maintained and developed your skills in the field of Windows Userland exploit development.  
Submitted documentation must include sufficient technical detail to justify a CCED status extension.  In other words, the documentation must represent & reflect content/knowledge that is up-to-date.

Your official CCED status will indicate the date of your most recent approved submission.

... how realistic is it for me to pass the exam?

That's a very good question.  

The exam covers stack and heap exploitation on a variety of Windows versions, but it definitely includes Windows 11.  ​If you haven’t kept up with building or maintaining your knowledge of the Windows 11 Heap manager, it’s unlikely you’ll pass.

Even if you have taken the Heap class recently, it is important to get a lot of practise and to actually solve the homework that was provided.  Without the hands-on experience, the exam will be quite tough to pull off.

Can I just get/buy an updated version of the course and study on my own?

Not really, at least not at this time. It wouldn’t feel right, because the courseware alone may not prepare you fully for the exam. While the course materials are detailed, they aren’t a step-by-step guide. 

To truly grasp the nuances and exploitation techniques, attending the class is essential. 

Corelan classes are reasonably priced, and if you’re serious about earning the CCED title, retaking the class is a worthwhile investment. 

Suggesting to retake the class feels like you're just trying to take more money

I understand why it might feel that way. Rest assured, taking a Corelan class already has—and will continue to have—market value. The skills and knowledge you gain are immediately applicable in exploit development, and our classes are widely recognized as best-in-breed. Even without the exam, completing the class earns you respect in the industry.

At the same time, continued learning and self-development are essential—it takes initiative and effort. If you’ve been actively keeping your skills up to date, the exam will reflect that.

The exam isn’t just a formality; it tests deep understanding across multiple Windows versions, including recent updates like Windows 11. Skills from a class taken many years ago may no longer align with the exam’s scope or the modern Windows landscape.

Courseware alone isn’t enough to guarantee success. The exam requires hands-on experience and a deep grasp of the techniques taught in the class. Retaking the class isn’t about taking more money; it’s about ensuring candidates are fully prepared to meet the standard required for the CCED title.