Linux Heap Exploitation - Part 1
What you'll learn
- Scripting exploits with pwntools
- Introspecting the heap with pwndbg
- The House of Force technique
- The Fastbin Dup technique
- The Unsafe Unlink technique
- The Safe Unlink technique
- The House of Orange technique
- Using one-gadgets to drop a shell
- Leveraging a single-byte heap overflow to drop a shell
- Familiarity with the Linux command line environment
- Basic debugging skills
- A Linux VM or Host
For nearly 20 years, exploiting memory allocators has been something of an art form. Become part of that legacy with HeapLAB.
The GNU C Library (GLIBC) is a fundamental part of most Linux desktop and many embedded distributions; its memory allocator is used in everything from starting threads to dealing with I/O. Learn how to leverage this vast attack surface via different heap exploitation techniques, from the original "Unsafe Unlink" to the beautiful overflow-to-shell "House of Orange".
In this hands-on course, students will alternate between learning new techniques and developing their own exploits based on what they've learned. We'll make use of the pwntools and pwndbg frameworks to drop shells from vulnerable practice binaries, and you'll take on challenges that test what you've learned.
Who this course is for:
- Exploit developers
- Capture The Flag (CTF) players
- Those wishing to learn more about exploit dev than just stack buffer overflows
- Anyone interested in weird machines
Max Kamper is an independent researcher and exploit developer. A former Royal Marines Commando, Max was a member of the Information Exploitation Group's electronic warfare squadron.
Having traded radio signals for process signals, he now teaches exploit development at hacker conferences such as 44CON and Ringzer0. Max is also the author of the ROP Emporium website, a resource for learning practical return-oriented programming on different architectures.