The Corelan Certified Exploit Developer (CCED) title is designed to validate a comprehensive set of skills, knowledge, and professional qualities essential for high-level exploit development in the Microsoft Windows Userland environment. It is not designed for the masses, it rewards exceptional skill and dedication, by requiring examinees to pass 5 different phases in an exam that may take months to complete.
CCED represents excellent skills in the following areas:
1. Strong Theoretical Foundation
CCED demonstrates a deep understanding of Windows Userland processes, memory management, stack and heap usage, common memory corruption types, and techniques to bypass exploit mitigations.
2. Practical Exploit Development Skills
CCED Proves the ability to develop reliable exploits for both stack-based and heap-based vulnerabilities in complex software environments. This includes identifying and leveraging exploit primitives, understanding heap internals, navigating memory layouts, and chaining techniques to achieve successful exploitation. In the practical phase, examinees have to complete a wide variety of challenges.
3. Ability to Learn and Apply New Concepts
Going further, CCED demonstrates the skill to read, understand, and apply technical documentation and whitepapers related to modern exploitation techniques, and to integrate newly acquired knowledge into practice.
4. Independent Research Skills
CCED also represents the ability to investigate novel topics, synthesize complex information, and perform self-directed research using publicly available resources.
5. Technical Communication and Justification
Demonstrates the ability to produce clear, detailed technical documentation, explain design and development decisions, and defend the reasoning behind exploit strategies and implementation choices.
As part of the evaluation, each examinee must successfully complete a one-on-one interview with Peter Van Eeckhoutte, during which their work, choices, and understanding will be critically examined.
Passing this interview enables Peter to personally vouch that the candidate possesses substantial, real-world skills and a deep understanding of exploit development.
Long-Term Commitment to Mastery
While most exams and certificates simply represent a snapshot in time, the Corelan Certificate also represents the choice and capacity to maintain and refine technical skills over time—to stay current with evolving security mechanisms and exploitation strategies, and to remain a high-value, trusted professional in the field. After 3 years, CCED title holders have the option to submit evidence once per year that they dedicate efforts to continue to learn and evolve. The status page will reflect the last date of submission.
At Corelan, we believe individual certificates for stack and heap don't make much sense.
Real-world exploit development in Windows Userland requires a deep, integrated understanding of both.
The CCED reflects that reality—comprehensive & cohesive, covering all of Userland at the same time.
Unlike most certifications, the CCED includes a mandatory one-on-one interview with its creator and Corelan founder Peter Van Eeckhoutte.
During this in-depth session, the candidate must defend their technical decisions, explain their work, and demonstrate their understanding in real time.
This direct verification ensures that the individual not only completed the exam independently, but also possesses a deep, working knowledge of Windows Userland exploit development—validated by a respected expert in the field.
Unlike mass-market certifications, CCED is tailored for those pursuing excellence over volume.
The goal is not to certify the most people or sell the most boxes or exams — it’s to recognize the best. The exceptional.
