Hacking Courses

Heap Exploitation Training : A Comprehensive Guide From Basics To Advanced Techniques

This article delves into our comprehensive training program designed to teach you the intricacies of exploiting heap vulnerabilities in glibc.

Originally taught at prestigious conferences like DEFCON and CanSecWest, this program offers a mix of free videos, slides, and hands-on exercises to enhance your learning.

Whether you are a beginner looking to understand the basics of malloc and heap vulnerabilities or an experienced hacker seeking advanced techniques, our modular course structure is tailored to optimize your time and deepen your expertise in this complex subject matter.

Join us to master the art of heap exploitation and fortify your cybersecurity toolkit.

  • Heap exploitation training for glibc.
  • Taught at DEFCON, CanSecWest and many other conferences.
  • Contains free videos, slides and exercises.
    • Videos are made for modules 1-6. The next five are in progress!
  • Installation steps for docker and virtual machine are below.

Modules

There is a lot of content here. So, there are two ways to go through it:

  • Go through each of the modules as specified in the order below.
  • Do the first 5 then skip to 10 & 11.
    • Personally, I think this is the best bang-for-your-time if you’re time limited. But all of the content is fun and well-polished.

Whatever you do, do NOT skip the first two modules. These are the most important concepts in the entire course.

Introduction To Heap

  1. Course introduction
  2. Introduction to Malloc
  3. Heap Vulnerability Classes:
    • Double free
    • Use after free
    • Arbitrary Frees

Techniques

  1. Fd Poison:
    • Tcache
    • 2.32+ (pointer mangling)
  2. Unlink
  3. Overlapping chunks
  4. House of Force
  5. Unsorted Bin Attack && TCache Stashing Demo
  6. House of Spirit
  7. Mmap Chunks + House of Muney — not tested yet

Final Countdown

  1. Leaks
  2. HTTP Server (final challenge)

Unused

  • House of IO and New:
    • Pointer mangling and House IO. Fun challenges in there but not super relevant anymore.
  • House of Orange:
    • Out of date + the POC doesn’t work as you’d expect.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
3 months ago

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago