This article delves into our comprehensive training program designed to teach you the intricacies of exploiting heap vulnerabilities in glibc.

Originally taught at prestigious conferences like DEFCON and CanSecWest, this program offers a mix of free videos, slides, and hands-on exercises to enhance your learning.

Whether you are a beginner looking to understand the basics of malloc and heap vulnerabilities or an experienced hacker seeking advanced techniques, our modular course structure is tailored to optimize your time and deepen your expertise in this complex subject matter.

Join us to master the art of heap exploitation and fortify your cybersecurity toolkit.

  • Heap exploitation training for glibc.
  • Taught at DEFCON, CanSecWest and many other conferences.
  • Contains free videos, slides and exercises.
    • Videos are made for modules 1-6. The next five are in progress!
  • Installation steps for docker and virtual machine are below.

Modules

There is a lot of content here. So, there are two ways to go through it:

  • Go through each of the modules as specified in the order below.
  • Do the first 5 then skip to 10 & 11.
    • Personally, I think this is the best bang-for-your-time if you’re time limited. But all of the content is fun and well-polished.

Whatever you do, do NOT skip the first two modules. These are the most important concepts in the entire course.

Introduction To Heap

  1. Course introduction
  2. Introduction to Malloc
  3. Heap Vulnerability Classes:
    • Double free
    • Use after free
    • Arbitrary Frees

Techniques

  1. Fd Poison:
    • Tcache
    • 2.32+ (pointer mangling)
  2. Unlink
  3. Overlapping chunks
  4. House of Force
  5. Unsorted Bin Attack && TCache Stashing Demo
  6. House of Spirit
  7. Mmap Chunks + House of Muney — not tested yet

Final Countdown

  1. Leaks
  2. HTTP Server (final challenge)

Unused

  • House of IO and New:
    • Pointer mangling and House IO. Fun challenges in there but not super relevant anymore.
  • House of Orange:
    • Out of date + the POC doesn’t work as you’d expect.

For more information click here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here