Hacking Courses

Heap Exploitation Training : A Comprehensive Guide From Basics To Advanced Techniques

This article delves into our comprehensive training program designed to teach you the intricacies of exploiting heap vulnerabilities in glibc.

Originally taught at prestigious conferences like DEFCON and CanSecWest, this program offers a mix of free videos, slides, and hands-on exercises to enhance your learning.

Whether you are a beginner looking to understand the basics of malloc and heap vulnerabilities or an experienced hacker seeking advanced techniques, our modular course structure is tailored to optimize your time and deepen your expertise in this complex subject matter.

Join us to master the art of heap exploitation and fortify your cybersecurity toolkit.

  • Heap exploitation training for glibc.
  • Taught at DEFCON, CanSecWest and many other conferences.
  • Contains free videos, slides and exercises.
    • Videos are made for modules 1-6. The next five are in progress!
  • Installation steps for docker and virtual machine are below.

Modules

There is a lot of content here. So, there are two ways to go through it:

  • Go through each of the modules as specified in the order below.
  • Do the first 5 then skip to 10 & 11.
    • Personally, I think this is the best bang-for-your-time if you’re time limited. But all of the content is fun and well-polished.

Whatever you do, do NOT skip the first two modules. These are the most important concepts in the entire course.

Introduction To Heap

  1. Course introduction
  2. Introduction to Malloc
  3. Heap Vulnerability Classes:
    • Double free
    • Use after free
    • Arbitrary Frees

Techniques

  1. Fd Poison:
    • Tcache
    • 2.32+ (pointer mangling)
  2. Unlink
  3. Overlapping chunks
  4. House of Force
  5. Unsorted Bin Attack && TCache Stashing Demo
  6. House of Spirit
  7. Mmap Chunks + House of Muney — not tested yet

Final Countdown

  1. Leaks
  2. HTTP Server (final challenge)

Unused

  • House of IO and New:
    • Pointer mangling and House IO. Fun challenges in there but not super relevant anymore.
  • House of Orange:
    • Out of date + the POC doesn’t work as you’d expect.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
37 minutes ago

Recent Posts

LitterBox : The Ultimate Sandbox Environment For Malware Testing And Red Team Operations

Your malware's favorite sandbox - where red teamers come to bury their payloads. A sandbox…

37 minutes ago

RWX_MEMORY_HUNT_AND_INJECTION_DV : Exploiting OneDrive.exe To Inject Shellcode Without New RWX Allocations

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new…

37 minutes ago

BloodHound.py : Installation, Usage, And Features

BloodHound.py is a Python based ingestor for BloodHound, based on Impacket. The code in this…

38 minutes ago

100 Days Of Rust 2025 : From Incident Response To Linux System Programming

In 2025 I wanted to try something new. In addition to a traditional 100 days…

3 days ago

Presenterm : Revolutionizing Terminal-Based Presentations With Markdown

presenterm lets you create presentations in markdown format and run them from your terminal, with…

3 days ago

JailbreakEval : Automating the Evaluation Of Language Model Security

Jailbreak is an attack that prompts a language model to give actionable responses to harmful…

3 days ago