Very concerning. Especially since they offer a nice bounty if their material is found to have been stolen....

Anyone think it would be worth anything for me to contact them?

(And FYI, ive never heard of Corelan, who are they?)

There's more here as well: https://www.corelan.be/index.php/2011/10/30/copyright-infringement-plagiarism-is-a-crime/

I sent a small donation, because they (the company that stole the content) should've at least asked for permission to use the tutorials on the Corelan website, as it's pretty much copyright protected.


If you have evidence, information, etc., then it will always be worth contacting them. All of their members are very friendly, and also very knowledgeable.

Corelan is a team of enthusiasts and professionals, where most if not all of them are very good with Exploit Development, and for instance, mona.py is one of the greatest addons for Immunity Debugger that they've made. (And that is just a small portion of all the work they've done for the community.)

They've been around for quite some time, and a lot of their members also participates in other projects, some are even in the Exploit-DB team, so if you've been around an offsec domain, then you've somewhat met a Corelan member too, at least in some sense that may sound strange 

Without Corelan, there wouldn't be a natural, reliable and good source of exploit development tutorials, and of course a lot more. The amount of content and value they've added to the community is enormous, so of course they must protect their copyright 

I think it's up to you, but I'm unsure how much good it would do, except making them aware that their customers are worried about this, which lowers their public relations image.

If they have stocks and it becomes a general issue I'm sure they will drop though  But the best thing to do, would be to find out if they're still actively stealing content or not, and then report it to the rightful owner(s).

Wow. I was about a hair away from starting to write for them in support of their portal revamp. Glad I decided to drop by before bed. Sent an email off telling them thanks, but no thanks, and a few more to warn off some other folks that I know. Plagiarism != cool. 

infoseci,
   Out of curiosity, where have these details been posted besides this forum? I'm not trying to nit-pick, I'm honestly asking because I haven't seen any of these details released to the public yet.  If there is an official method your organization is using to respond to these allegations please pass along those notes so we know where to go and get your side of the story.  If there is no such platform yet, then maybe you should reconsider wagging your finger at the community for not understanding your point of view.  At the moment this is a matter of perception that is being weighed in the court of public opinion, and because of the (apparently) blatant facts that have been released in the last few days it can't be much of a surprise that the current opinion of the community is running against you.  If the Infosec Institute means to manage the message on this issue, then they should get a coherent, complete, and reasonable explanation out in a hurry.  You asked for recommendations so, off the top of my head:

-Peter has gone out of his way to document his communications with you, grievances, and legal proof of his allegations.  He then made these publicly available.  You could do the same.  Currently it seems like your organization went incommunicado on the issue, and that vacuum isn't helping perceptions.  If you've actively been working through this then show it.

-The "it was a contractor's fault" response is going to be a rough road if you decide to take it.  You might find some legal coverage by playing that card depending on your contracting and the skill of your lawyers, but within the security community I'd expect more blowback than forgiveness.  You don't just trip and accidentally copy an entire (massive) work from a well known individual, do a crtl-f find/replace for names, and build an entire course around the material without someone within your organization noticing.  That just doesn't pass the scratch and sniff test.  For many of this it sounds a lot like one Mr. Gregory Evans. (http://www.amazon.com/How-Become-Worlds-No-Hacker/dp/0982609108)  Please explain how this made it through all of the expected reviews/planning/etc that would go with building a course without someone in your company realizing what was going on.  Otherwise, are you stating that you simply bought, without any review, the product of a contractor and immediately started selling/teaching the material?  Do you do this with all of your materials? Have you initiated a review of all of your other course materials to make sure this isn't systemic?

-A quick check of your website shows that the CEPT certification course is still being offered. It also shows that the course includes "9 domains". Are these the same 9 domains that were in the course previously?  Meaning, are you still offering the same course with the same material that is the source of these allegations?  Your posting seems to imply a significant amount of due diligence was performed after you were informed of the plagiarism... did that not include removing the course from your site? Are you still making money from Peter's material in any way?  If not, then explicitly state the current status of the course and material.

Again, this is just a response to your request for suggestions.  If you've already answered these points in some other format then please let us know where.  A quick review of your website doesn't seem to show anything.

Thanks guys for the advice! Here is a response we have put officially on our blog:

http://resources.infosecinstitute.com/two-sides-to-every-story/

To clarify here, this website material was used ONCE for ONE run of the exploit writing class. Not our advanced/cept class. The class had 7 students in it, and all were refunded and credited. Those guys have spent the last two years trying to contact people in our other classes all the time to find other times it was used, and you can bet if they did they would be writing it all over the place.

Even though it is not "legally" our fault, we have offered to make a public apology as well as pay $5000 to peter. I think this is a fair response, but we will take what you have said to heart.

Seriously, all these guys want is blood. Nothing else.

Just a thought- When you stick you're name on something and sell it, you are responsible. If I slap some stickers on a book over the authors name and start selling it as my own, I am responsible.

The simplest solution is just pay Peter's lawyer costs and give him access to review your current course. You've already apologized. Then go after the original culprit for the losses. That case is a slam dunk. If he has any sense (which is doubtful considering his past actions), he'll settle . If not, his check will be garnished for quite a while.

The damage to your company's reputation grows by the day and it would behoove you to nip it in the bud.